Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
A sophisticated cybercrime group that has maintained an especially devious Trojan horse for nearly three years has stolen login credentials of close to 300,000 online bank accounts and almost as many credit cards during that time, according to reports released today by RSA FraudAction Research Lab. The spyware is called Sinowal Trojan, also known as Torpig and Mebroot. RSA reports that their findings are based on data collected on this Trojan over the course of almost three years -- including information regarding its design and its infrastructure. Findings indicate that this may be one of the most pervasive and advanced pieces of crimeware ever created by fraudsters, say RSA experts. more
A recent study by researchers at the Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Super Computer Center (SDSC) revealed that a staggering 98% of the global Internet queries to one of the main root servers, at the heart of the Internet, were unnecessary. This analysis was conducted on data collected October 4, 2002 from the 'F' root server located in Palo Alto, California.
The findings of the study were originally presented to the North American Network Operators' Group (NANOG) on October 2002 and later discussed with Richard A. Clarke, chairman of the President's Critical Infrastructure Protection Board and Special Advisor to the U.S. President for Cyber Space Security. more
In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised. more
Recently, I entered my domain name in a "WHOIS" database query to test the results of the database by using WHOIS on a number of domain name registrar websites. WHOIS is a database service that allows Internet users to look up a number of matters associated with domain names, including the full name of the owner of a domain name, the name of the domain name hosting service, the Internet Protocol or I.P. number(s) corresponding to the domain name, as well as personally identifying information on those who have registered domain names. I was astonished to find... more
As the world becomes more and more reliant on electronics, it's worth a periodic reminder that a large solar flare could knock out much of the electronics on earth. Such an event would be devastating to the Internet, satellite broadband, and the many electronics we use in daily life. A solar flare is the result of periodic ejections of matter from the sun into space. Scientists still aren't entirely sure what causes solar flares, but they know that it's somehow related to shifts in the sun's magnetic field. more
Amidst the fascinating news from the SCO saga, preparing for SANS London and contributing to the Unix timeline project at Grokline my eyes caught a piece of rather distressing news on the BBC. It appears that BT (British Telecom) intends to move its current phone network to an IP-based network by 2009 thereby sending the circuit-switched technology off to the attic. The real question is: can we guarantee the same level of reliability on VoIP as we had on circuit-switched telephony when the stated aim is to carry both voice and data traffic down the same cables (or fibres more likely)? more
On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. ... The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. more
Earlier this year, ICANN began to seriously consider the various effects of adding DNS protocol features and new entries into the Root Zone. With the NTIA announcement that the Root Zone would be signed this year, a root scaling study team was formed to assess the scalability of the processes used to create and publish the Root Zone. Properly considered, this study should have lasted longer than the 120 days -- but the results suggest that scaling up the root zone is not without risk -- and these risks should be considered before "green-lighting" any significant changes to the root zone or its processes. I, for one, would be interested in any comments, observations, etc. (The caveats: This was, by most measures, a rush job. My spin: This is or should be a risk assessment tool.) Full report available here [PDF]. more
As a member of the ROW Planning Committee, I am writing this post on behalf of the Committee and welcome all community members to join us on June 4th. We are celebrating ROW's 10th anniversary! A decade of collaboration and inspiration! Thank you to the incredible community that has fueled this journey! more
Internet domain names are truly bizarre. There is nothing especially remarkable about them from a technical perspective, but from a social and political perspective they are all sorts of fun. We can have arguments over control of the DNS root, arguments over whether names are property, arguments over innate rights to specific names, arguments over a registrar's right (or lack thereof) to exploit unregistered names for private gain, and many more arguments besides. In this article, I'd like to explore the argument-space rather than defend any particular position in it. In so doing, I hope to illuminate some novel (or under-emphasised) perspectives on the matter. more
In 2018, Internet Governance will be one of the top priorities in the geo-strategic battles among big powers. In today's world, every global conflict has an Internet-related component. There is no international security without cybersecurity. The world economy is a digital economy. And human rights are relevant offline as well as online. It is impossible to decouple cyberspace from the conflicts of the real world. more
For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more
There are two Bills that are floating through the corridors of power on the Hill that could potentially change the course of civil and political rights within the United States and the world. One was introduced through the House of Representatives and the other through the Senate. The two Bills touch on a common thread that are premised on "national security" however there are interesting challenges that will surface should the Bills be passed that affect global public interest that require further examination, introspection and discussion. more
At the beginning of last year, MarkMonitor participated in VeriSign's beta program to test server-level protections which were designed to mitigate the potential for unintended domain name changes, deletions and transfers. When VeriSign finally released their Registry Locking Program to all registrars, I expected to see the owners of highly trafficked sites flocking to this new offering. However, after a review of the top 300 most highly trafficked sites, I was shocked to uncover that less than 10% of these valuable domains were protected using these newly available security measures. more
A couple of days ago the BBC reported that a document called the Information Operations Roadmap (PDF) had been declassified and that it contained some pretty interesting stuff. The American dominance over the Internet, recently manifested by its unwillingness to hand over some of the critical control to UN-organizations, may have another side to it. more
A World-Renowned Source for Internet Developments. Serving Since 2002.