Cybersecurity |
Sponsored by |
|
Though the "Techies" have been heavily involved in many initiatives like Internet Governance, Internationalized (Multi-lingual) Domain Names, Identity Management, Information Security, Access Rights Management etc., they still have to correctly apply the technologies at hand to be able to replicate many accepted norms that have matured in the physical world such as federated identities, non-repudiation, notarizing, witnessing, co-signing etc. more
The DNS Abuse Institute recently published our sixth monthly report for our project to measure DNS Abuse: DNSAI Compass ('Compass'). Compass is an initiative of the DNS Abuse Institute to measure the use of the DNS for phishing and malware. The intention is to establish a credible source of metrics for addressing DNS Abuse. We hope this will enable focused conversations, and identify opportunities for improvement. more
As readers of CircleID have seen, there has been a lot of activity (for example, Michael Geist's "Canadian Marketing Association Attacks Anti-Spam Bill"), as the final votes of C-27 grow nearer. The history towards getting a spam law passed in Canada has been a long one. For years, CAUCE encouraged legislators to undertake this important work... Fast forward a few years, and a few governments, and suddenly we have a law tabled in the House of Commons... more
The bring-your-own-device (BYOD) trend continues to make corporate inroads. According to Security Intelligence, more than 60 percent of enterprises now allow or "tolerate" employee mobile device use in the workplace. But companies still have significant security concerns, especially when it comes to the specter of lost data. Here are seven tips to boost BYOD security in 2015. more
New research from the Global Cyber Alliance (GCA) released on Wednesday reports that the use of freely available DNS firewalls could prevent 33% of cybersecurity data breaches from occurring. more
When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers. more
Throughout this series of blog posts we've discussed a number of issues related to security, stability, and resilience of the DNS ecosystem, particularly as we approach the rollout of new gTLDs. Additionally, we highlighted a number of issues that we believe are outstanding and need to be resolved before the safe introduction of new gTLDs can occur - and we tried to provide some context as to why, all the while continuously highlighting that nearly all of these unresolved recommendations came from parties in addition to Verisign over the last several years. more
What are the most pressing Internet governance issues in the next 2-5 years? What are the biggest priorities in terms of making the Internet more secure and trusted? What are the best ways to bring the next 3 billion people online? Those will all be topics of discussion at the "InterCommunity 2015" meeting taking place this week on July 7 and 8. The meeting will not take place at any one physical location... more
So we finally have a signed root zone. Now when is someone going to answer the question I first asked over five years ago and have still not had an answer to: How do the domain name owner's keys get into the TLD? Before we have a system people can use there have to be technical standards, validation criteria and a business model. Where are they? more
In September 2009, the Obama Administration announced the Federal Cloud Computing Initiative. As the government's CIO explained, cloud computing "has the potential to greatly reduce waste, increase data center efficiency and utilization rates, and lower operating costs." The Federal Risk and Authorization Management Program (FedRAMP) addresses the key elements of a cloud computing framework for federal agencies. more
A new study by anti-phishing company PhishLabs reveals 49 percent of all phishing sites in the third quarter of 2018 had Secure Sockets Layer or SSL with HTTPS in their URL. more
As a long-established online attack strategy, phishing remains a popular tool for fraudsters because of its effectiveness. The Anti-Phishing Working Group reported more than 300,000 distinct phishing attacks in December 2021 -- more than three times the number reported in early 2020, and the highest monthly total ever identified. more
Verisign posted preliminary public comments on the "Mitigating the Risk of DNS Namespace Collisions" Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done. I have outlined the four main observations... more
Today we received one of the first phish attempts to be made as a web spam (comment spam/blog spam) attempt. I wasn't convinced, and thought that perhaps it was a way to gather and verify RELEVANT online identities. Someone put me straight. It's phishing. I've often in the past had run-ins with the good folks in the anti virus realm back between 1996 and 2005 who thought Trojan horses and then spyware were not part of their business. Years later the AV business people ruled it is part of their business and ran to catch up. Same with botnets. more
New data released today indicates that trust has eroded among criminal interactions, causing a switch to ecommerce platforms and communication using Discord, which both increase user anonymization. more
A World-Renowned Source for Internet Developments. Serving Since 2002.