Cybersecurity

ICANN Appoints IID’s Rod Rasmussen to Its Security and Stability Advisory Committee

ICANN has appointed IID President and CTO Rod Rasmussen to its Security and Stability Advisory Committee (SSAC). An area that Rasmussen's work and recent SSAC reports have both covered in-depth is domain name hijacking. Recent hijackings against UFC.com and Coach.com, and similar past attacks against CheckFree, Comcast and Twitter have heightened awareness about the security dangers with the Internet's infrastructure. more

Study Reveals 76% of Internet Users Vulnerable to Browser History Detection

A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection". more

Identify DDoS Attacks with External Performance Monitoring (Part 2 of 3)

In Part One of this series, we examined internal server, network and infrastructure monitoring applications. Now let's take a look at another way to capture DDoS information: external performance monitoring... Unlike network/infrastructure tools - which are usually installed inside a customer's network - external performance monitoring solutions are typically provided by a third party and leverage monitoring locations from around the world. more

US New Cybersecurity Strategy Includes Military Option

Defense Systems reports: "The U.S. government's sweeping new cybersecurity strategy announced May 16 states that the country will respond to a major cyberattack using any or all of the means at its disposal, reports the Associated Press. Although military response to a cyberattack is one of the options listed in the International Strategy for Cyberspace, it will be considered only as a last resort, officials said." more

New Paper Proposes ‘Attested DNS’ to Secure Domain Names with Trusted Hardware

Azure researchers propose attested DNS, a system that embeds confidential computing into the internet's naming infrastructure. By binding domain names to trusted hardware and software, it enhances service verification while maintaining compatibility with existing web technologies. more

Huawei Says They Are Willing to Sign No-Spy Agreements With Governments

During a London conference, Huawei's chairman Liang Hua told reporters the company would sign no-spy agreements with governments as a response to United States' pressure on Europe to bar the Chinese telecommunications company over spying concerns. more

Cloudflare Uses Lava Lamps to Generate Encryption Keys

The web performance and security company, Cloudflare has shared one of the methods it uses to ensure randomness when generating encryption keys. more

Experts Urge Support for Security Researchers, Call a Stop to Intimidation Efforts

Over fifty experts and expert advocates have released an open letter in support of security research and against efforts to chill or intimidate security researchers. more

BGP Security: A Gentle Reminder that Networking is Business

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security -- specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for... 20 years? ... at this point, so I have seen the argument develop across these years many times, and in many ways. more

We Blinked and the World Changed: Challenges of Generative AI to Internet Governance

The pace of generative AI development has been astonishing to the degree that the normative space has been unable to keep up. As governments start looking into some implementations of the technology, such as ChatGPT, more advanced techniques and products continue to emerge by the day. Society is changing in irrevocable ways, and it is paramount that the Internet Governance community turns its attention to this question. more

Germany Investigating Legal Grounds to Destroy Servers Used to Carry Out Cyberattacks

Hans-Georg Maassen, Germany's head of the German Federal Office for the Protection of the Constitution says large amounts of data were seized during the May 20015 cyberattack on lower house of parliament (Bundestag). more

GoDaddy Reveals Its Network Suffered a Multi-Year Security Compromise

On Friday, GoDaddy revealed that it had suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. more

Apple vs FBI: Apple and Others to Argue on the Hill

Tomorrow afternoon at 1pm EST Apple will be giving testimony to the House Judiciary Committee. The session that Apple and others will be taking part in is aptly named, The Encryption Tightrope: Balancing Americans' Security and Privacy In common with other hearings the various witnesses called to speak have already submitted their written testimony, so we can already look at it and analyse it. more

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night. more

New Research Reveals Over 340 Million Accounts Compromised in the First Four Months of 2023

Recent research conducted by the Independent Advisor reveals that a significant number of accounts, exceeding 340 million, have been compromised due to business data breaches within the first four months of 2023. Notably, Twitter experienced the largest breach this year, impacting approximately 235 million user accounts. more