Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
One of the "key" questions cryptographers have been asking for the past decade or more is what to do about the potential future development of a large-scale quantum computer. If theory holds, a quantum computer could break established public-key algorithms including RSA and elliptic curve cryptography (ECC), building on Peter Shor's groundbreaking result from 1994. more
The AntiPhishing Working Group (APWG) in a letter to ICANN has expressed concern that the redaction of the WHOIS data as defined by GDPR for all domains is "over-prescriptive". more
How do we harden the Internet against the kinds of pervasive monitoring and surveillance that has been in recent news? While full solutions may require political and legal actions, are there technical improvements that can be made to underlying Internet infrastructure? As discussed by IETF Chair Jari Arkko in a recent post on the IETF blog, "Plenary on Internet Hardening", the Technical Plenary at next weeks IETF 88 meeting in Vancouver, BC, Canada, will focus on this incredibly critical issue. more
In January we presented the glorious history of the MIT spam conference, today we present the schedule for the first day. Opening session will be from this author, Garth Buren with a topic entitled The Internet Doomsday Book, with details be released the same day as the presentation. Followed by Dr. Robert Bruen with a review of activities since the last MIT spam conference... more
It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead is about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more
In an age where the world has gone global in many forms and guises, the political attention is more and more focussed on national, populist issues, that arise from fear for the unknown. I can't deny it: the future undoubtedly contains many uncertainties. This usually comes with a general public that's afraid and in fear of things they cannot oversee. Thus it is easily aroused by a populist leader who feeds on this fear and throws flammable material on the already smouldering fire. In a time where leadership is called for, it seems lacking. The Internet governance discussion demands visionary leadership on a cross border level and it needs it soon. more
One of the other web sites I subscribe to is Stratfor. It's a global intelligence website and doesn't really have much to do with spam. But I like politics so I read it. They have some articles which you can get for free, but the better stuff you have to pay for. About two weeks ago, they ran a three-part series on Cyberwarfare. The first article was the title of this post, which you can access here (requires registration). In the article they described different types of cybercriminals and not-so-criminals which they referred to under the umbrella as "hackers." more
As a reader of this article, you are probably familiar with the DNS cache poisoning techniques discovered a few years ago. And you have most likely heard that DNSSEC is the long term cure. But you might not know exactly what challenges are involved with DNSSEC and what experience the early adopters have gathered and documented. Perhaps you waited with our own rollout until you could gather more documentation over the operational experience when rolling out DNSSEC. This article summarizes authors' experiences and learnings from implementing the technology in production environments as well as discusses associated operational issues. more
In Tony Li's article on path MTU discovery we see this text: "The next attempt to solve the MTU problem has been Packetization Layer Path MTU Discovery (PLPMTUD). Rather than depending on ICMP messaging, in this approach, the transport layer depends on packet loss to determine that the packet was too big for the network. Heuristics are used to differentiate between MTU problems and congestion. Obviously, this technique is only practical for protocols where the source can determine that there has been packet loss. Unidirectional, unacknowledged transfers, typically using UDP, would not be able to use this mechanism. To date, PLPMTUD hasn't demonstrated a significant improvement in the situation." Tony's article is (as usual) quite readable and useful, but my specific concern here is DNS... more
Much has been said about the criticality of the small coterie of large-scale content distribution platforms and their critical role in today's Internet. These days when one of the small set of core content platforms experiences a service outage, then it's mainstream news, as we saw in June of this year with outages reported in both Fastly and Akamai. In the case of Akamai, the June outage impacted three of Australia's largest banks, their national postal service, the country's reserve bank, and one airline... more
Three vectors were exploited in the recent DDoS attack against Spamhaus: 1) Amplification of DNS queries through the use of DNSSEC signed data; 2) Spoofed source addresses due to lack of ingress filtering (BCP-38) on originating networks; 3) Utilisation of multiple open DNS resolvers While. 1) is unavoidable simply due to the additional data that DNSSEC produces, and 2) "should" be practised as part of any provider's network configuration, it is 3) that requires "you and I" ensure that systems are adequately configured. more
The number one concern cited for avoiding cloud computing is security. And there is a reason for that. Cloud providers have demonstrated some spectacular failures in the past, including Amazon's near total shutdown of an entire region, Dropbox's authentication snafu, and innumerous cloud providers that go belly-up. However, in the long run, cloud computing is destined to become more secure than in-house IT. I will briefly describe two dynamics in the industry that point in that direction, with substantiating evidence. more
The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010. While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet. more
On September 12 China, the Russian Federation, Tajikistan and Uzbekistan released a Resolution for the UN General Assembly entitled "International code of conduct for information security." The resolution proposes a voluntary 12 point code of conduct based on "the need to prevent the potential use of information and communication technologies for purposes that are inconsistent with the objectives of maintaining international stability and security and may adversely affect the integrity of the infrastructure within States..." more
U.S. Department of Homeland Security (DHS) and the FBI today released a technical alert based joint-effort analysis of methods behind North Korea’s cyberattacks. more
A World-Renowned Source for Internet Developments. Serving Since 2002.