Cybersecurity |
Sponsored by |
|
The website designated by Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, reports Brian Krebs in KrebsOnSecurity. more
New York Post has been "hacked" by an employee. To protect themselves from insider threats, companies can deploy zero trust and restrict access. On October 27, the New York Post published a string of racist and sexist articles on its website. Fabricated news about politicians, such as pieces concerning racist comments of a New York City mayor, has been headlining the publication. more
The oft used term "the Internet of Things" (IoT) has expanded to encapsulate practically any device (or "thing") with some modicum of compute power that in turn can connect to another device that may or may not be connected to the Internet. ... The information security community -- in fact, the InfoSec industry at large -- has struggled and mostly failed to secure the "IoT". This does not bode well for the next evolutionary advancement of networked compute technology. more
I just finished reading Richard Clarke and Robert Knake's book Cyberwar. Though the book has flaws, some of them serious, the authors make some important points. They deserve to be taken seriously. I should note that I disagree with some of my friends about whether or not "cyberwar" is a real concept. Earlier, I speculated that perhaps it might be a useful way to conduct disinformation operations, but it need not be so limited. more
As a designated committee of experts prepares to draft a new treaty to combat the use of information and communications technologies in cybercrime at the UN in January 2022, it is paramount that other stakeholders oversee these discussions to avoid violating human rights on the Internet. This initiative was kickstarted by a 2019 resolution led by Russia and endorsed by other countries considered by many to behavior controversially on cybersecurity matters, such as China, Venezuela, Cambodia, North Korea, and others. more
New research indicates Thailand as being the world's number one hotspot for cryptocurrency mining malware. more
The FCA has been naming and shaming financial scam domains for decades. Its "warning list" is probably one the most extensive databases of its kind. But does it do a good enough job of actually warning people? Let us begin with the FCA website, which would not exactly get full points for user-friendliness: locating the "watch list" is a task in and of itself, to say nothing of consulting and scrutinising it. more
In light of the recent decision by the United States government to "maintain its historic role in authorizing changes or modifications to the authoritative root zone file" and ICANN's recent decisions to add more gTLDs (including .xxx), and to renew VeriSign as the .net registry, readers may be interested in the just-published report of the National Research Council's Computer Science and Telecommunications Board, Signposts in Cyberspace: The Domain Name System and Internet Navigation. ...a comprehensive policy-oriented examination of the Domain Name System in the broader context of Internet navigation. more
The holidays open up a block of time to catch up on "I meant to read that" bookmarks, RSS feeds, and all the favorited and forgotten tweets. I made it through 50 before a NormanShark blog post kicked off a research project. The analysts found a malware sample which was using .bit domains in their communications infrastructure, but .bit ... what is that? .bit is a TLD operating outside of ICANN. Some would say they are TLD squatting, but I leave that opinion up to the reader. more
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well: I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up. We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: "why be able to destroy the world a thousand times over if once is more than enough?" we often also changed it to say "3 times" as redundancy could be important... more
ICANN's Nomination Committee has begun their process to nominate more members to various boards, councils and committees of ICANN. This is the process by which I was elected to the board last year. Contrary to what some people may think, these positions should not be taken to try to gain some privilege or power. These are positions of responsibility and require a lot of work for no tangible return except possibly the opportunity to meet other very interesting people. I think about my role at ICANN like I would think about jury duty. We have all benefited from the proper functioning of the Internet for the last decade. If you've benefited in the past and care about the future of the Internet, it is a great opportunity to give back to the community by applying for one of these positions. more
Reading this morning's blog from Microsoft about "Operation b70" left me wondering a lot of things. Most analysts within the botnet field are more than familiar with 3322.org - a free dynamic DNS provider based in China known to be unresponsive to abuse notifications and a popular home to domain names used extensively for malicious purposes - and its links to several botnets around the world. more
Bell Canada, nation’s largest telecommunications company, disclosed late on Monday the illegal access of Bell customer information by an anonymous hacker. more
The apparent cyber heist of of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT - a cooperative owned by 3,000 financial institutions around the world -- to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide. more
When I first wrote about Domain Registry Locking over a year and a half ago, Verisign was the only Registry offering a true Registry Lock Service. Of course, not long after, Neustar announced their Registry Lock Service too. Recently however, a number of ccTLD Registries have also adopted Registry Locking programs... more
A World-Renowned Source for Internet Developments. Serving Since 2002.