Cybersecurity |
Sponsored by |
Congratulations and thanks to ICANN for hosting the North America Regional meeting at the Sheraton in downtown Toronto, Canada. This event was done first class and was in my opinion a highly successful meeting... At this regional ICANN meeting many interesting topics were covered. Some topics though not at the foremost of my mind, surprisingly were not only highly interesting but very informative. more
Virus researchers at Symantec Corp. have revealed a variant of the Stuxnet worm, named Duqu, that is found to be stealing information about industrial control systems. Symantec reports: "Duqu's purpose is to gather intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility... Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose." more
Ryan Naraine reporting at Threatpost: "Head of Google's anti-malvertising team Eric Davis wants Internet Service Providers (ISPs) to look beyond profits and take a more proactive approach to dealing with malware-infested computers on their networks. During a keynote presentation at the Virus Bulletin conference here, Davis said competitors in the ISP space must look beyond profits and partner on new initiatives to deal with the "parasites" that have taken control of the Internet landscape." more
If it's not an era of intense faith in the multilateral system, somewhere among the Trump Administration's anonymous adults in the room there is a believer, and the Internet might be the better for it. Evidence for the existence of this fifth columnist lies in the US National Cyber Strategy, launched last month under the commander-in-chief's unprepossessing signature, which looks to provide security for America's connected economy. more
Messaging Anti-Abuse Working Group (MAAWG) has issued the first best practices aimed at helping the global ISP industry work more closely with consumers to recognize and remove bot infections on end-users' machines. The paper outlines a three-step approach with recommendations for detecting bots, notifying users that their computers have been compromised, and guiding them in removing the malware. more
Jim Cowie of Renesys reports: Traffic interception has certainly been a hot topic in 2013. The world has been focused on interception carried out the old fashioned way, by getting into the right buildings and listening to the right cables. But there's actually been a significant uptick this year in a completely different kind of attack. more
The United States White House Office of Science and Technology Policy (OSTP) has released a new report titled, Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program, specifying an agenda for "game-changing" cybersecurity R&D according to an official announcement today. The report is described as "a roadmap to ensuring long-term reliability and trustworthiness of the digital communications network that is increasingly at the heart of American economic growth and global competitiveness." more
In just one week, representatives of governments from all around the world will gather at the UN headquarters in New York for the 10-year Review of the World Summit on the Information Society, a.k.a. "WSIS+10". We are very pleased to see the consensus forming that the principles of multi-stakeholder cooperation and engagement should be at the core of the Information Society. Moreover, consensus has emerged around a "post-2015" vision for how the Internet can be used to support the Sustainable Development Goals (SDGs) that will bring about a better future for us all. more
The Federal Bureau of Investigation (FBI) is facing a massive cybersecurity challenge as the U.S. is vastly outnumbered by Chinese hackers, according to FBI Director Christopher Wray. In testimony before the House Appropriations Subcommittee on Thursday, Wray urged Congress to provide the FBI with more funds to bolster its cyber intelligence staff. more
Public Interest Registry (PIR), a domain registration and management service for the .org top-level domain, has partnered with the American Red Cross, aiming to combat online fraud, especially in the context of fundraising in emergencies. The collaboration seeks to increase internet safety and enhance public trust in online donations to charitable causes. more
In a developing cybersecurity concern, IT experts and researchers warn of potential misuse of Google's new .zip and .mov top-level domains (TLDs), which they argue could be exploited for phishing attacks and malware distribution. more
The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about an active "spear phishing" campaign targeting companies in the natural gas pipeline sector. In an advisory issued last week, ICS-CERT said it has received information about targeted attacks and intrusions into multiple organizations over the past several months. more
Eugene Kaspersky, co-founder of Internet security software Kaspersky Lab, was recently interviewed PC World where he talked about his views regarding cybersecurity and the evolution of malware. In response to fixing the problems with malware on the Internet, Kapersky says: "The Internet was never designed with security in mind. If I was God, and wanted to fix the Internet, I would start by ensuring that every user has a sort of Internet passport: basically, a means of verifying identity, just like in the real world, with driver's licenses and passports and so on. The second problem is one of jurisdiction. The Internet has no borders, and neither do the criminals who operate on the Internet. However, law enforcement agencies have jurisdictional limits, and are unable to conduct investigations across the globe. ... There is no such thing as anonymity on the Internet, for the average user." more
Last month, application security provider Veracode came out with a study that stated that more than half of all enterprise applications aren't secure. The company tested approximately 2,900 applications over an 18-month period, and 57 percent failed to meet Veracode's "acceptable levels" of security. While this study gained a tremendous amount of traction in the media... it does not focus on the bigger issue... more
Before the Holidays, Yahoo got a flurry of good press for the announcement that it would (as the LA Times puts it) "purge user data after 90 days." My eagle-eyed friend Julian Sanchez noticed that the "purge" was less complete than privacy advocates might have hoped. more