Cybersecurity

US New Cybersecurity Strategy Includes Military Option

Defense Systems reports: "The U.S. government's sweeping new cybersecurity strategy announced May 16 states that the country will respond to a major cyberattack using any or all of the means at its disposal, reports the Associated Press. Although military response to a cyberattack is one of the options listed in the International Strategy for Cyberspace, it will be considered only as a last resort, officials said." more

Biden Administration Bans Federal Agencies from Using Commercial Spyware

The Biden administration has announced an executive order that would ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. more

New Research Reveals Over 340 Million Accounts Compromised in the First Four Months of 2023

Recent research conducted by the Independent Advisor reveals that a significant number of accounts, exceeding 340 million, have been compromised due to business data breaches within the first four months of 2023. Notably, Twitter experienced the largest breach this year, impacting approximately 235 million user accounts. more

BGP Security: A Gentle Reminder that Networking is Business

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security -- specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for... 20 years? ... at this point, so I have seen the argument develop across these years many times, and in many ways. more

We Blinked and the World Changed: Challenges of Generative AI to Internet Governance

The pace of generative AI development has been astonishing to the degree that the normative space has been unable to keep up. As governments start looking into some implementations of the technology, such as ChatGPT, more advanced techniques and products continue to emerge by the day. Society is changing in irrevocable ways, and it is paramount that the Internet Governance community turns its attention to this question. more

Huawei Says They Are Willing to Sign No-Spy Agreements With Governments

During a London conference, Huawei's chairman Liang Hua told reporters the company would sign no-spy agreements with governments as a response to United States' pressure on Europe to bar the Chinese telecommunications company over spying concerns. more

Cloudflare Uses Lava Lamps to Generate Encryption Keys

The web performance and security company, Cloudflare has shared one of the methods it uses to ensure randomness when generating encryption keys. more

Germany Investigating Legal Grounds to Destroy Servers Used to Carry Out Cyberattacks

Hans-Georg Maassen, Germany's head of the German Federal Office for the Protection of the Constitution says large amounts of data were seized during the May 20015 cyberattack on lower house of parliament (Bundestag). more

GoDaddy Reveals Its Network Suffered a Multi-Year Security Compromise

On Friday, GoDaddy revealed that it had suffered a multi-year security compromise that allowed unknown attackers to steal company source code, customer and employee login credentials, and install malware that redirected customer websites to malicious sites. more

Experts Urge Support for Security Researchers, Call a Stop to Intimidation Efforts

Over fifty experts and expert advocates have released an open letter in support of security research and against efforts to chill or intimidate security researchers. more

Security Shortfalls Exposed in End-to-End Encrypted Cloud Storage Providers

A recent study critically examines the security of popular end-to-end encrypted (E2EE) cloud storage providers, uncovering significant vulnerabilities in platforms widely marketed for their user-controlled privacy features. more

Apple vs FBI: Apple and Others to Argue on the Hill

Tomorrow afternoon at 1pm EST Apple will be giving testimony to the House Judiciary Committee. The session that Apple and others will be taking part in is aptly named, The Encryption Tightrope: Balancing Americans' Security and Privacy In common with other hearings the various witnesses called to speak have already submitted their written testimony, so we can already look at it and analyse it. more

DDoS Mitigation: A Blend of Art and Science

As DDoS attacks become larger, more frequent and complex, being able to stop them is a must. While doing this is part science, a matter of deploying technology, there is also an art to repelling sophisticated attacks. Arbor Networks, Citrix and others make great gear, but there's no magic box that will solve all your problems for you. Human expertise will always be a crucial ingredient. more

WikiLeaks’ Vault 7: CIA Gives a Free Lesson in Personal Cyber Security

WikiLeaks' newly released Vault 7 trove is a tantalizing study in how one of the world's premiere intelligence agencies hacks devices. Analysts and experts have signaled that this leak appears authentic based on some clues in the content. But while it may ultimately be comparable in size to the Snowden or Manning leaks, it lacks the "wow" factor that made those landmark whistleblowing cases so important. What lessons are to be learned from the leaks, and how should we apply them to our personal digital lives? more

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night. more