Cybersecurity |
Sponsored by |
|
On 30 September 1850 at Dresden, the first international treaty was issued among the first sovereign nations to internet their national electronic communication networks. It was known as the Dresden Convention, and culminated several weeks hammering out basic requirements and techniques to implement an internet spanning the Austro-German European continent at the time, and established a continuing "Union" of signatories to evolve the provisions of the treaty. more
Experts and companies in the information security industry today announced the formation of the Secure Domain Foundation (SDF), a new, non-profit, community-driven organization devoted to the identification and prevention of Internet cyber crime utilizing the domain name system (DNS). more
In the past few months, a flurry of gift card scams leveraging such high-profile brands as Best Buy, Whole Foods and IKEA have emerged on Facebook. These scams often use the brand's logo, website URL, or general "look and feel" on Facebook "fan" pages to give the impression that these offers are legitimate. Some scams are even bold enough to include bogus, non-interactive fan comments to add a greater sense of authenticity to the gift card offer. To date, these scams have been successful at tricking tens of thousands of consumers. In just one day, for example, a fan page titled "IKEA Get a FREE $1000 IKEA Gift Card! (ONLY AVAILABLE 1 DAY)" registered 40,000 fans before being shut down. more
The last few months have shown a number of signs that cooperation in cyberspace is not just necessary, but it is vital for the survival of the Internet as we know it. There is no need to provide links to all the articles and news stories that talk about the dangers of cyberattacks on the infrastructure in the USA or other countries - you can find plenty of them. ... What misses really in these stories is the answer to the question "So, what?" more
While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate. more
If the rise of phishing has taught us anything, it's that on the Internet, if a digital asset has value, there's somebody out there who wants to steal it. Whether it's a bank account password, a credit card number, a PayPal login, or even a magic sword in an online game, there's a fraudster somewhere trying to misappropriate it for his or her own nefarious purposes. Domain names have always been a target for such criminals. more
There's been a lot of media attention to a report that iPhones track your movements. It's even reached the U.S. Senate. I'm underwhelmed. I think that the threat is overhyped. What is happening is that these devices create a hidden file with your location... more
An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned. ... While there is no definitive proof, of course, that China was behind these attacks, there is a lot of circumstantial evidence that points in that direction. China (allegedly) has a long history of engaging in espionage activities in order to gain access to information. In the United States, this is sometimes referred to as cyber warfare, but I think that cyber espionage is a better choice of terms. more
For me, one of the more interesting sessions at the recent IETF 81 meeting in July was the first meeting of the recently established Homenet Working Group. What's so interesting about networking the home? Well, if you regard challenges as "interesting", then just about everything is interesting when you look at networking in the home! more
It's funny, but I recall the battle cry that the WWW was "free" back in its early days. When contributing game concept to the early and great gaming pioneers like Infocom, there was such a great esprit-du-corps amongst our team regarding the fun as well as utility that the WWW offerred. In retrospect, we were so naive. I recall the days when guys like Bill Gates prided themselves on being such a great "hackers" - it was a noble term back then. more
Spear phishing is the unholy love child of email spam and social engineering. It refers to when a message is specifically crafted, using either public or previously stolen information, to fool the recipient into believing that it's legitimate. This personalization is usually fairly general, like mentioning the recipient's employer (easily gleaned from their domain name.) Sometimes they address you by name. Much scarier is when they use more deeply personal information stolen from one of your contacts... more
Well more than a year ago, ICANN's Security and Stability Advisory Committee published SSAC 053, its paper on single-label domain names - now referred to in the community as "dotless" domains - advising against their use. In a robust comment period, the community weighed in on the utility and safety of dotless domains, with some in favor and some opposed. To address the matter, ICANN has commissioned further study of the issue with an eye toward resolving the issue for new gTLD applicants. more
Unlike most new IETF standards, DNS over HTTPS has been a magnet for controversy since the DoH working group was chartered on 2017. The proposed standard was intended to improve the performance of address resolutions while also improving their privacy and integrity, but it's unclear that it accomplishes these goals. On the performance front, testing indicates DoH is faster than one of the alternatives, DNS over TLS (DoT). more
Coninsiding with October Cybersecurity Awareness Month, Google today announced the launch of Advanced Protection Program specifically "designed for those who are at an elevated risk of attack." more
Microsoft has taken control of 50 domains used by a North Korean cybercrime group dubbed "Thallium" to steal information from users, including government employees, think tanks, university staff members, and those working on nuclear proliferation issues. more
A World-Renowned Source for Internet Developments. Serving Since 2002.