Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
In CSC's recent insight paper, we address the trend that many business leaders today don't realize the extent to which their modern enterprise -- and its millions of digital assets -- rely on. It's a vast domain ecosystem that needs to be protected from online threats. Often, to better understand this need for domain security, we need to understand how critical and interconnected domains are within a business. more
The oft used term "the Internet of Things" (IoT) has expanded to encapsulate practically any device (or "thing") with some modicum of compute power that in turn can connect to another device that may or may not be connected to the Internet. ... The information security community -- in fact, the InfoSec industry at large -- has struggled and mostly failed to secure the "IoT". This does not bode well for the next evolutionary advancement of networked compute technology. more
DDoS attacks, phishing scams and malware. We battle these dark forces every day - and every day they get more sophisticated. But what worries me isn't just keeping up with them, it is keeping up with the sheer volume of devices and data that these forces can enlist in an attack. That's why we as an industry need to come together and share best practices - at the ICANN community, at the IETF and elsewhere - so collectively we are ready for the future. more
In January Jörg Schweiger, DENIC's CTO from 2007 to 2014 and CEO since 2014, announced he was stepping down from his position in December. It's been quite a ride, and the domain name industry has evolved quite a lot. So we asked Jörg a few questions about his time with DENIC and the changes he's seen... he came up with some insightful views on why he thought new TLDs missed a great opportunity to do something with "innovative new business models," the importance of security to DENIC... more
Tesla's cloud environment has been infiltrated by hackers and used to mine cryptocurrencies, researchers have discovered. Other victims include Aviva and Gemalto. more
Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. That has not been the case with a new protocol which aims to make the Internet's underlying domain name system more secure by default. more
In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more
What happens if ICANN fails? Who will run the DNS then?
Of course to many, ICANN already has failed -- spectacularly so. Critics have long complained that ICANN not only lacks accountability and legitimacy, but also that it is inefficient (at best) and downright destructive (at worst). According to these critics, ICANN's many sins include threatening the stability of the Internet, limiting access by imposing an artificial domain name scarcity, and generally behaving like a petulant dictator. more
Two recent celebrated cybersecurity standards history events brought together sets of people who were intimately involved with some of the most significant network security standards work ever undertaken. These included the X.509 digital certificate standards at ITU X.509 Day, and the Secure Digital Network System (SDNS) standards at the NSA Cryptologic History Symposium 2022. more
The development of the Internet has arrived at a new Crossroads. The growing Internet Governance complexity is leading also to a higher level of confusion on how the digital future should be shaped. The French president Emanuel Macron and UN Secretary General Antonio Guterres will open both the Paris Peace Forum and the 13th IGF where Internet Governance is a key issue. Is the time ripe for a "New Deal" on Internet Governance? And which stakeholder should bear the primary responsibility for the normative framing of the key challenges internet governance is facing? more
On January 14, 2021, the Office of the United States Trade Representative (USTR) released its 2020 Review of Notorious Markets for Counterfeiting and Piracy (the Notorious Markets List, or NML). This publication enumerates online and physical markets that have been reported to engage in trademark, counterfeiting, and copyright infringement at scale. For the first time, the NML documents show how internet platforms play a part in bringing illicit goods into the US. more
I'm not even sure how to begin this post, but let me tell you -- my head explodes when I try to contact WHOIS "contacts" about criminal activity - FAIL. I think ICANN wants to do the right thing here, and has stated on multiple occasions that inaccurate WHOIS data is reason for registrar termination. That's a Good Thing... more
New data released today indicates that trust has eroded among criminal interactions, causing a switch to ecommerce platforms and communication using Discord, which both increase user anonymization. more
July 15, 2010 (yesterday) marked the end of the beginning for DNSSEC, as the DNS root was cryptographically signed. For nearly two decades, security researchers, academics and Internet leaders have worked to develop and deploy Domain Name System Security Extensions (DNSSEC). DNSSEC was developed to improve the overall security of the DNS, a need which was dramatized by the discovery of the Kaminsky bug a few years ago. more
The UK government is proposing new regulations to strengthen cyber resilience in the private sector. Their intention is to expand cybersecurity rules for critical infrastructure (CI) operators to include managed service providers (MSPs), more stringent breach notification requirements, and legislation to establish the UK Cyber Security Council as the standards development organization for the cybersecurity profession. This is a welcomed development, but more details about implementation and enforcement are needed. more
A World-Renowned Source for Internet Developments. Serving Since 2002.