Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
There is considerable coverage this morning (or this evening in Tunis) on the last minute WSIS deal struck yesterday. The gist of the coverage rightly reports that the U.S. emerged with the compromise they were looking for as the delegates agreed to retain ICANN and the ultimate U.S. control that comes with it (note that there is a lot in the WSIS statement that may ultimately prove important but that is outside the Internet governance issue including the attention paid to cybercrime, spam, data protection, and e-commerce). This outcome begs the questions -- what happened? And, given the obvious global split leading up to Tunis, what changed to facilitate this deal? more
Identity theft is apparently the "in thing" these days. By media accounts, hackers and evildoers lurk everywhere trying to steal your personal information. In the past few months, one company after another is being forced to admit customer data has been lost or stolen. In many cases, they have them come forth repeatedly over the next few weeks, or even months revising the estimated number of impacted customers. To date, I don't think any have ever lowered those numbers. ...Let's consider two events that didn't make the front page of C|Net or CNN. more
The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure... more
Well, it's a yearly tradition in the western hemisphere that at the end of the year, we compose a top 10 list of the 10 most
If you are at all interested in how the Internet's Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from the presentations and discussion. What makes these meetings unique in the context of DNS is the way it combines operations and research, bringing together researchers, builders and maintainers of DNS software systems, and operators of DNS infrastructure services into a single room and a broad and insightful conversation. more
While travelling home from Geneva, I was thinking quite a lot on the relationship between a ccTLD (registry) and a Country. This is because many countries are starting to talk louder and louder about the responsibilities Countries have on critical infrastructure, or (possibly more important) the management of the critical infrastructure. Will for example any (none?) of ccTLD operators (servers) sustain a denial of service attack of a scale similar to the attack on the root servers? What can ccTLD operators do to resist the malicious attacks? Should this be discussed? more
News flash: to help fight California's drought, Samsung is offering a $100,000 prize to the innovator who creates "the most effective use of IoT and ARTIK [Samsung's IoT platform] technology for reducing water consumption by individuals or municipalities." When the average reader of this news headline needs no explanation of what "IoT" means or what this contest is about, we know IoT, or the Internet of Things, is for real. There are already an estimated 25 billion connected devices around the world, according to expert estimates. more
In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more
The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more
Two weeks ago, the Federal Trade Commission held a summit on e-mail authentication in Washington, DC; the community of people who handle bulk mail came together and agreed on standards and processes that should help reduce the proliferation of spoofed mail and fraudulent offers. This was a big, collective step in the right direction. But e-mail sender authentication alone won't solve the Net's fraud and phishing problems - nor will any single thing. It requires a web of accountability among a broad range of players. Yet this week there's another meeting, in Cape Town, South Africa, that could make even more of a difference...but it probably won't. more
The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more
This week two major transoceanic cables experienced outages that may last several days. The outages provide a reminder that several Internet bottlenecks exist where these cables make landfall. When one thinks of bottlenecks in telecommunications the first and last mile come to mind. Yet equally vulnerable are the last few 1000 feet of submarine cable links. more
"Massive Email Bombs Target .Gov Addresses," Brian Krebs writes in Krebs on Security: "Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists." more
Isn't security as important to discuss as .XSS? The DNS has become an abuse infrastructure, it is no longer just a functional infrastructure. It is not being used by malware, phishing and other Bad Things [TM], it facilitates them. Operational needs require the policy and governance folks to start taking notice. It's high time security got where it needs to be on the agenda, not just because it is important to consider security, but rather because lack of security controls made it a necessity. more
It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private? Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. more
A World-Renowned Source for Internet Developments. Serving Since 2002.