Cybersecurity

Biden Administration Bans Federal Agencies from Using Commercial Spyware

The Biden administration has announced an executive order that would ban U.S. federal agencies from using commercially developed spyware that poses threats to human rights and national security. more

Amnesty International: Popular Mobile Apps Failing to Adopt Basic Privacy Protections

"Tech companies like Snapchat and Skype's owner Microsoft are failing to adopt basic privacy protections on their instant messaging services, putting users' human rights at risk," says Amnesty International. more

Chinese Hackers Exploit U.S. Telecom Systems, Eviction Efforts Lag

American officials have revealed an ongoing struggle to expel Chinese hackers from telecommunications networks, months after the espionage was first discovered. The campaign, attributed to a group called "Salt Typhoon," has infiltrated major telecom carriers, particularly in the Washington region. more

BGP Security: A Gentle Reminder that Networking is Business

At NANOG on the Road (NotR) in September of 2018, I participated in a panel on BGP security -- specifically the deployment of Route Origin Authentication (ROA), with some hints and overtones of path validation by carrying signatures in BGP updates (BGPsec). This is an area I have been working in for... 20 years? ... at this point, so I have seen the argument develop across these years many times, and in many ways. more

U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation

U.S. Senators Jack Reed (D-RI) and Susan Collins (R-ME) have introduced the bipartisan Cybersecurity Disclosure Act of 2015 on Thursday, a bill that seeks to encourage the disclosure of cybersecurity expertise, or lack thereof, on corporate boards at publicly traded companies. more

ICANN Gets an In-House Physical Security Operations Professional

ICANN has announced a new hire, Mark Jardina – an expert in global security and health and safety as Vice President of Security Operations. more

US Congress Website Recovers from a Crippling 3-Day DNS Attack

A number of websites owned and operated by the United States Congress are recovering from a three-day DNS attack. more

We Blinked and the World Changed: Challenges of Generative AI to Internet Governance

The pace of generative AI development has been astonishing to the degree that the normative space has been unable to keep up. As governments start looking into some implementations of the technology, such as ChatGPT, more advanced techniques and products continue to emerge by the day. Society is changing in irrevocable ways, and it is paramount that the Internet Governance community turns its attention to this question. more

US New Cybersecurity Strategy Includes Military Option

Defense Systems reports: "The U.S. government's sweeping new cybersecurity strategy announced May 16 states that the country will respond to a major cyberattack using any or all of the means at its disposal, reports the Associated Press. Although military response to a cyberattack is one of the options listed in the International Strategy for Cyberspace, it will be considered only as a last resort, officials said." more

Study Reveals 76% of Internet Users Vulnerable to Browser History Detection

A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection". more

China Says It Will Use All Means, Including Military, to Ensure Online Security

"Beijing vowed on Tuesday to use all necessary means, including military ones, to wipe out subversion and attempts to undermine its sovereignty in cyberspace," Zhuang Pinghui reporting in South China Morning Post. more

Cloudflare Uses Lava Lamps to Generate Encryption Keys

The web performance and security company, Cloudflare has shared one of the methods it uses to ensure randomness when generating encryption keys. more

Trust, but Verify

We are at an inflection point in our lifetimes. The Internet is broken, seriously broken... Almost all of the systems currently in use on the Internet are based on implicit trust. This has to change. The problem is that these systems are so embedded in our everyday lives that it would be, sort of like, changing gravity, very difficult. more

Emergency Patch Issued for Samba, WannaCry-type Bug Exploitable with One Line of Code

The team behind the free networking software Samba has issued and emergency patch for a remote code execution vulnerability. more

ICANN Appoints IID’s Rod Rasmussen to Its Security and Stability Advisory Committee

ICANN has appointed IID President and CTO Rod Rasmussen to its Security and Stability Advisory Committee (SSAC). An area that Rasmussen's work and recent SSAC reports have both covered in-depth is domain name hijacking. Recent hijackings against UFC.com and Coach.com, and similar past attacks against CheckFree, Comcast and Twitter have heightened awareness about the security dangers with the Internet's infrastructure. more