Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
OK, you know things are getting bad when Ameritrade leaks its customer information yet again, and I don't even bother to report it because it's not news anymore. Well, recent updates to the story have prompted me to correct that omission. Yes, it happened again. Roughly a month ago, correspondents began to receive pump-n-dump spam to tagged email addresses which they had given only to Ameritrade... This now marks the third major confirmed leak of customer information from Ameritrade. In addition, the Inquirer reported the loss of 200,000 Ameritrade client files in February 2005. One correspondent informs me that this has happened to him on four or five previous occasions. more
Earlier this week in a press release, VeriSign said that they are selling their SSL certificate business to Symantec. VeriSign is the dominant player in this market, having absorbed competitor Thawte in 1999, and Geotrust in 2006. Three years ago, when VeriSign decided to divest its non-core businesses, they kept the certificate business. So what's changed? more
A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. more
Here we are, all the way up to Myth #4! That makes this the 4th installment of our 10 part series on the top IPv6 Security Myths. This myth is one of my favorite myths to bust when speaking with folks around the world. The reason for that is how many otherwise well-informed and highly experienced engineers, and others, hold this myth as truth. It's understandable, really. more
FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more
Many of us were expecting radical changes in 2010 to the domain name market. There definitely were some of those -- just not the ones I expected. From the seizure of domains names by the US Government to ICANN's removal of restrictions on Registry/Registrar cross-ownership, 2010 was a year full of surprises. In this post, I've compiled what I think were the biggest domain name stories in 2010. more
ICANN has announced today that it has tentatively agreed to settle a longstanding dispute with VeriSign Inc. The dispute which began in part from SiteFinder, a controversial search service VeriSign created in late 2003 for users who mistype Web addresses. The following is an excerpt from today's press release... more
Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more
Swedish Regulator PTS have today notified .SE, the Swedish (.SE) TLD registry that they have to change the rules... In short, the decision implies that any form of the sequence of the characters "b", "a", "n", "k" are illegal in domain names in Sweden. Further that checks of what domain names are registered are to be checked before registration. more
The Noncommercial Users Constituency (NCUC) is the constituency group representing civil society organizations in the formation of domain name policy. In August 2004 it initiated a process to nominate people to serve on the UN Secretary-General's Working Group on Internet Governance, as representatives of civil society. Our purpose was to assist the Secretary-General to identify qualified and widely-supported individuals capable of serving on the WGIG on behalf of civil society. more
I had quite an interesting experience recently. I was hired by a company to perform a vulnerability assessment and penetration test on their network. During the initial meeting, one of the key technical staff presented me with a challenge; He handed over the NTLM hash of the domain Administrator account and challenged me to decipher it. He explained that the complexity and length of the password would prevent me from deciphering it during the time allotted for the project. He was actually quite confident in my impending failure... more
I've written recently about a general purpose method called DNS Response Policy Zones (DNS RPZ) for publishing and consuming DNS reputation data to enable a market between security companies who can do the research necessary to find out where the Internet's bad stuff is and network operators who don't want their users to be victims of that bad stuff... During an extensive walking tour of the US Capitol last week to discuss a technical whitepaper with members of both parties and both houses of the legislature, I was asked several times why the DNS RPZ technology would not work for implementing something like PROTECT-IP. more
We're back again with part 3 in this 10 part series that seeks to bust 10 of the most common IPv6 security myths. Today's myth is a doozy. This is the only myth on our list that I have seen folks raise their voices over. For whatever reason, Network Address Translation (NAT) seems to be a polarizing force in the networking world. It also plays a role in differentiating IPv4 from IPv6. more
Now that IPv6 is being actively deployed around the world, security is more and more a growing concern. Unfortunately, there are still a large number of myths that plague the IPv6 security world. These are things that people state as fact but simply aren't true. While traveling the world, talking to the people who've already deployed IPv6, I've identified what I believe are the ten most common IPv6 security myths. more
There have been a number of attacks on the root name servers over the years, and much written on the topic. (A few references are here, here and here.) Even if you don't know exactly what these servers do, you can't help but figure they're important when the US government says it is prepared to launch a military counterattack in response to cyber-attacks on them. more
A World-Renowned Source for Internet Developments. Serving Since 2002.