Cybersecurity |
Sponsored by |
|
Internet security has been a primary focus this week for more than 1100 engineers and technologists from around the world gathered at the 88th meeting of the Internet Engineering Task Force (IETF). Participants are rethinking approaches to security across a wide range of technical areas. more
IT security strategies invariably focus on maintaining impenetrable fortresses around computers and network systems. Firewalls, virtual private networks and anti-virus programs are the tools IT engineers use to create their digital security. Sophisticated defense systems can be very effective at keeping the obvious attackers at bay, yet they often create a false sense of security because the real attacks, the kind that inflict irreparable damage on a system or network, avoid the obvious routes into the secure fortress. more
A group of experts from Interisle Consulting Group released a paper today, reporting a comprehensive study of the phishing landscape in 2020. The study's goal was to capture and analyze a large set of information about phishing attacks to better understand how much phishing is taking place, where it is taking place, and better ways to fight them. more
My OECD paper on spam problems in developing economies is now linked from the OECD Anti-Spam Toolkit page, as part of section 8 of the Anti-Spam Toolkit (Outreach). This ZDNet article provides a reasonably good summary of my paper as well. I welcome comments and suggestions from CircleID readers. "Spam is a much more serious issue in developing countries as it is a heavy drain on resources that are scarcer and costlier in developing countries than elsewhere..." more
I use Paypal, and I am quite satisfied with how it helps me with my business: it is still a little hard to use, and I don't use all functions of the tool, but it is not so expensive, it is fast and efficient, and Paypal does not send so many emails. In one word, Paypal rocks... The only problem that I have with Paypal is the number of fake emails that I receive. Of course, I easily identify them as they come in and luckily, G Suite (Gmail) does an excellent job at blocking all spam and phishing. more
Is desktop anti-virus dead? Someday I'd love to make that announcement, but it still feels to me that there's a Patron Saint of Voodoo with an affinity for bringing it back to life -- like some macabre mirror image of the malicious zombies it's supposed to provide protection against. It's kind of ironic that today's innovation in desktop anti-virus isn't really happening at the desktop; rather it's occurring in the cloud. more
Nearly 92 percent of malware use DNS to gain command and control, exfiltrate data or redirect traffic, according to Cisco's 2016 Annual Security Report. It warns that DNS is often a security "blind spot" as security teams and DNS experts typically work in different IT groups within a company and don't interact frequently. more
Because domain names represent the online identity of individuals, businesses and other organizations, companies and organizations large and small have expressed increasing concern over reports of "domain name hijacking," in which perpetrators fraudulently transfer domain names by password theft or social engineering. The impact of these attacks can be significant, as hijackers are typically able to gain complete control of a victim's domain name - often for a significant period of time. more
The Latin America and Caribbean Domain Name System (LAC DNS) Forum will be held on November 15, 2013 in Buenos Aires, Argentina. This follows on a similar initiative that took place at ICANN 47 in Durban, South Africa. The event's global, regional and local organizers plan to address key online issues, including more regional involvement with Internet governance. more
The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more
The President and Congress are deliberating how best to ensure appropriate cybersecurity protection for private sector critical infrastructure. Legislative action and Executive Order are both under consideration. It is possible, however, that the White House Office of Management and Budget (OMB) already has sufficient statutory authority to enact new cybersecurity regulations through the normal notice-and-comment rulemaking process. more
Android users can choose from 3.718 million applications in the Google Play Store. When installing applications, the majority of consumers trust Google to keep their devices safe from hackers. However, the reality is different. Just back in May 2023, researchers discovered over 101 infected applications in the Android store. Many of these apps counted over 400 million downloads. more
With cybercrime on the rise, companies in 2021 have experienced increased ransomware attacks, business email compromise (BEC), phishing attacks, supply chain attacks, and online brand and trademark abuse. While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk. The risk of not addressing your domain security can be catastrophic. more
The debates are raging over whether or not we should migrate to IPv6. The strongest argument is the enormous address space that will allow for everyone and everything to have a unique public address, many addresses actually. It is often said that the shortage of public IPv4 addresses has limited our capabilities because it led to the pervasive use of private addressing, Network Address Translation (NAT) and Port Address Translation (PAT). Though these technologies remain critical, they are often regarded as stop-gap measures, and they sometimes create problems. In some circles, NAT has acquired a very bad name. But is that a fair perspective of the technology? Let's review the positives and negatives. more
ICANN hosted a Resolver Operator Forum in mid-December, and the session had several interesting presentations that I would like to comment on here... The first presentation in this forum was from Paul Mockapetris. He pointed to the original academic published paper, Development of the Domain Name System, by Paul Mockapetris and Kevin Dunlap, published in the proceedings of ACM SIGCOMM’88. The paper noted that by 1983 it was obvious that the shared HOSTS.TXT file was not a scalable solution... more
A World-Renowned Source for Internet Developments. Serving Since 2002.