Cybersecurity |
Sponsored by |
|
New report released today finds 75 percent of malicious websites are from legitimate, trusted sources with "Good" reputation scores. According to the report, 60 percent of the top 100 most popular websites either hosted malicious content or contained a masked redirect to lure unsuspecting victims from legitimate sites to malicious sites. more
From the perspective of Internet security operations, here is what Net Neutrality means to me. I am not saying these issues aren't important, I am saying they are basically arguing over the colour of bits and self-marginalizing themselves. For a while now I tried not to comment on the Net Neutrality non-issue, much like I didn't comment much on the whole "owning the Internet by owning the Domain Name System" thingie. Here it goes anyway. Two years ago I strongly advocated that consumer ISP's should block some ports, either as incident response measures or as permanent security measures... more
Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more
One of the more persistent founding myths around the internet is that it was designed to be able to withstand a nuclear war, built by the US military to ensure that even after the bombs had fallen there would still be communications between surviving military bases. It isn't true, of course. The early days of the ARPANET, the research network that predated today's internet, were dominated by the desire of computer scientists to find ways to share time on expensive mainframe computers rather than visions of Armageddon. Yet the story survives... more
In Ian Flemming's Thunderball M sends 007 to the Bahamas on a hunch that SPECTRE is hiding something there. Well, it's been our hunch for a while that the Bahamas "office" for the Registrar Internet.BS does not exist. Now we have confirmation of such. It has been documented in an explosive undercover expose by LegitScript that Internet.BS address as stated could not be verified, could not accept mail, and that the business itself could not actually be found in the Bahamas. more
The year 2010 is turning out to be the "year of DNSSEC" from Registry implementations, Registrar implementations, ISP support, to the Root being signed this summer. Because we are dealing with such critical infrastructure, it is important to not lose sight of careful implementations. more
Feb. 3, 2011, came and went without much fanfare, but it was a milestone for Internet stakeholders, whether they knew it or not. On that Thursday, the last available IPv4 addresses were allocated by the Internet Assigned Numbers Authority (IANA). Though some Regional Internet Registries (RIRs) have a reasonable inventory of IP addresses that could last another year or two, the days of "new" IPv4 address allocations are largely over. more
When 72 candidates vie for 8 positions, making tough choices are inevitable. ICANN's 2005 Nominating Committee (Nom-Com) on Friday announced the selection of a diverse and independent set of nominees for important roles in ICANN, including the Board of Directors, the Generic Names Supporting Organization (GNSO), the At-Large Advisory Council (ALAC) and the Country Code Names Supporting Organization (ccNSO). more
This is a followup to Wout de Natris' as usual excellent piece on the Enisa botnet report -- pointing out the current state of mobile malware and asking some questions I started off answering in a comment but it grew to a length where I thought it'd be better off in its own post. Going through previous iterations of Mikko's presentations on mobile malware is a fascinating exercise. more
The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more
Contrary to conventional wisdom, the vast majority of business and IT executives report that cloud computing is a viable technology option that can improve a company's bottom-line results according to a new global survey conducted by an independent market research firm. However, despite growing evidence that cloud-based systems have the potential to lower costs, the majority of companies report no plans to integrate cloud computing in the next 12 months... more
At the beginning of this year, a set of powerhouse organizations in cybersecurity (CSO Magazine, Deloitte, Carnegie Mellon's CERT program, and the U.S. Secret Service) released the results of a survey of 523 business and government executives, professionals and consultants in the ICT management field. The reaction generated by this survey provides an unusually clear illustration of how cyber-security discourse has become willfully detached from facts. more
An anonymous tip has lead security experts Brian Krebs and Matthew Chambers to four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains. more
One of the most interesting and important changes to the internet's domain name system (DNS) has been the introduction of the DNS Security Extensions (DNSSEC). These protocol extensions are designed to provide origin authentication for DNS data. In other words, when DNS data is digitally signed using DNSSEC, authenticity can be validated and any modifications detected. more
The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more
A World-Renowned Source for Internet Developments. Serving Since 2002.