Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
At the end of January, the DMARC (Domain-based Message Authentication, Reporting & Conformance) specification was publicly announced and resulted in widespread media coverage, blog posts and discussion. Since that time various individuals and organizations have been working on writing code for DMARC validators and report parsers. The dmarc-discuss list has been fairly active as various questions and issues have been raised and clarified. Now it is time to see how well the various implementations play together in live testing. more
Today UK's new consumer protection laws against hacking and cyber-attacks officially take effect. This legislation, a global first, mandates that all internet-connected smart devices - from smartphones and game consoles to connected refrigerators - meet stringent security standards. more
With companies realizing the threat of hefty fines, lawsuits, and executive resignations that can follow security breaches, companies are scrambling to scoop up scarce security experts. more
The Western energy sector is being targeted by a new wave of cyberattacks capable of providing attackers ability to severely disrupt affected operations, according to reports on Wednesday. more
China's newly released International Strategy on Cyberspace is marked by three distinctive layers with different degree of priority: (1) sovereignty (or cybersecurity, or UN Charter), (2) globalization (or digital economy, or WTO rules), and (3) fundamental freedoms (or human rights, or UDHR). The good point of the strategy is that it tries to make the three layers peacefully co-exist in one document. The failure, however, lies in the intentional ranking of relevance/importance of the three layers... more
According to the majority of the testimony at this month's "Spam Summit," held by the U.S. Federal Trade Commission (FTC), the state of the fight against spam is pretty much the same as it has been for the last several years. The two days of presentations can largely be boiled down to the following bullets: Spam volumes continue to increase, being driven by the growth of "botnets"... Oh, and the spam wars are a lot less exciting than they used to be. Case in point: unlike last time, there were no fist-fights at this year's shindig. more
A few months ago, there was a lot of discussion that despite its claims, Zoom did not actually offer end-to-end encryption. They're in the process of fixing that, which is good, but that raises a deeper question: why trust their code? (To get ahead of myself, this blog post is not about Zoom.) If Zoom has the key but doesn't abuse it, there isn't a problem, right? Let's fast-forward to when they deploy true end-to-end encryption. Why do we trust their code not to leak the secret key? more
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains. more
The Caribbean is under virtual siege as incidents of cyber attacks and cyber crimes surge across the region. "The sophisticated use of technology by highly incentivised criminal organisations has created unprecedented opportunities for transnational crime elements that no one region, country or entity can fight on its own. More inter-regional cooperation and collaboration are needed to develop and implement smart and integrated approaches to fight new and emerging cyber threats." more
There has been a lot of talk about how the DNS can provide network-based security, and how DNS is in the best position to detect malware traffic before it does any harm. But what does this mean for end users? How does it make their online lives easier and more secure? DNS servers that are aware of sites that host malware, perform phishing activities (harvesting bank details, for instance) and other nefarious misbehaviors, can prevent end users from ever going to those sites. more
Amidst all the recent reports of data breaches, Gunter Ollmann of IBM Internet Security Systems, has reported today about one particular case which may be the largest data breach to date. Ollmann wirtes: "The media has been full of analysis concerning data breaches over the last couple of weeks, mostly related to the uptick in 2008 reports. While much of this increase can be accounted for by the wider adoption of state legislation that mandates companies to publicly disclose their data breaches, I think it is worth pointing out today's latest disclosure -- which is quite probably the largest breach ever." more
An apparent Iranian influence operation targeting internet users worldwide is reported as significantly larger than previously identified, Reuters reports. more
According to a report by the Defense Science Board, the President-elect Barack Obama will inherit a cybersecurity infrastructure that is ill-prepared for advanced cyberattacks which will be of particular challenge for the new leaders... Reporting today on eWeek, Roy Mark writes: "The Bush administration has been widely criticized by security experts as de-emphasizing cyber-security and hamstringing the authority of officials in charge of government-wide cyber-security" said Roy Mark in a report eWeek." more
In Part 1 of "Bug Bounty Programs: Are You Ready?" we examined the growth of commercial bug bounty programs and what organizations need to do before investing in and launching their own bug bounty. In this part, we'll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from such an investment. more
A national-level cybersecurity industrial park is under development in Beijing, China to boost the industry and tap into the potential of domestic tech companies. more
A World-Renowned Source for Internet Developments. Serving Since 2002.