Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
After the DNS root zone was finally signed and a number of Top-Level Domains (TLDs) began signing their zones, we were curious to see how many clients actually request DNSSEC information. We looked at the RIPE NCC server that provides secondary service to several country code top-level domains (ccTLDs). more
The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it? Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year... more
In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more
Six months following the April 11th issuance of the Beijing Communique by ICANN's Governmental Advisory Committee (GAC), ICANN continues to wrestle with whether to accept the bulk of the GAC's proposed safeguards for new gTLDs as set forth in Annex 1 of that document. On October 1st ICANN Board Chairman Stephen Crocket sent a letter to GAC Chair Heather Dryden summarizing the results of the September 28th meeting of the New gTLD Program Committee (NGPC) that considered the remaining and still undecided advice received from the GAC. more
Like many people, I was taken by surprised by Google's announcement about its threatened withdrawal from China in the wake of continued censorship and attacks that appeared to emanate from there. My immediate reaction was quite simple: "Wow". There's been a lot of speculation about just why they pulled out. Some reports noted that Google has been losing market share to Baidu... I don't think, though, that that's the whole story. more
The debate around encryption has become a hot topic in a world where communications are increasingly becoming digital. The modern encryption debate is a complex and nuanced issue, with many players from different backgrounds trying to influence the conversation. The question of balancing the need for national security with the right to privacy has been a matter of public debate for years. Only recently has the issue been framed in terms of encryption, but the discussion is certainly not new. more
Security is great when all the green lights are shining brightly and everything validates as intended, but what happens when you encounter failure? In this work we examine the behaviour of the DNS when security, in the form of DNSSEC is added, and we look at what happens when things do not happen as intended. What triggered this examination was a sudden increase in the traffic generated by secondary servers for the in-addr.arpa reverse zones in December 2009. more
Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication [PDF], which explains that authentication (DKIM) is “[a] safe means of identifying a participant-such as an author or an operator of an email service” while reputation is a “means of assessing their trustworthiness.”
moreThe Electronic Frontier Foundation (EFF), along with over forty other cybersecurity experts and organizations, are urging the White House to keep politics out of securing this month's election in the U.S. more
From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? more
I have to tell you -- I'm not really happy about the fact that the majority of serious cyber crime on the Internet happens without any legal prosecution. I spend an enormous amount of time -- far beyond my "day job" and exceeding what some might consider my professional capacity -- tracking cyber crime. I also work closely with law enforcement (both in the U.S. and abroad) to assist in the intelligence gathering process, putting the pieces of the puzzles together, connecting the dots, and so forth. And most of the major criminal organizations are still operating (pretty much) in the open, with fear of retribution or criminal prosecution, for a number of reasons. more
How can the open standards organizations of the IETF and W3C "strengthen the Internet" against large-scale pervasive monitoring? That is the topic up for discussion at the "Strengthening the Internet Against Pervasive Monitoring (STRINT)" workshop planned for February 28 and March 1, 2014, and jointly sponsored by the Internet Architecture Board (IAB) and the W3C. The workshop is by invitation-only and has a deadline of Monday, January 20, 2014 (by 11:59 UTC) for submission of either position papers or Internet drafts. more
For the first time, a large-scale analysis of victims of internet denial-of-service (DoS) attacks worldwide has resulted in discovery of millions of network addresses subjeted to denial-of-service attacks over a two-year period. more
Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more
On 17 May 1865, 20 European states convened to establish the International Telecommunication Union (ITU) to streamline the clunky process of sending telegraph messages across borders. 160 years later, ITU's anniversary is more than a mere commemorative moment; it is a stark reminder that multilateral cooperation is beneficial and necessary in our increasingly interconnected world. more
A World-Renowned Source for Internet Developments. Serving Since 2002.