Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
The deployment of Domain Name System Security Extensions (DNSSEC) for the root zone got an official start today with its public signing for the first time. DNSSEC for the root zone is a joint effort between ICANN and VeriSign, with support from the U.S. Department of Commerce to improve security of the Internet's naming infrastructure. Kim Davies, ICANN's Manager of Root Zone Services, says: "What happened today was the deliberately un-validatable root zone started being published on l.root-servers.net. It is anticipated this will be rolled out across the other root servers over the coming months. This phase is designed to identify any issues with the larger DNS response sizes associated with DNSSEC data."
Gadi Evron writes: "China responds to Google's accusations on its CNCERT web site, here. Johannes Ullrich just brought this to my attention on Facebook. In short, CNCERT wrote that China is the biggest victim of cyber attacks, and that Google lacks evidence to link the recent attacks to China as the perpetrator. I am certain more details and analysis will become available soon."
According to the latest Infrastructure Security Report by Arbor Netowrks, the Internet architecture and operations is about to face a perfect storm with the convergence of issues including IPv4 to IPv6 migration, implementation of DNS Security Extensions (DNSSEC) and to 4-byte ASNs (used for inter-domain routing on the Internet). "Any one of these changes alone would constitute a significant architectural and operational challenge for network operators; considered together, they represent the greatest and potentially most disruptive set of circumstances in the history of the Internet, given its growth in importance to worldwide communications and commerce," says the report.
Dennis Fisher of Thread Post reports: "The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers."
Coen Dijkgraaf writes: "Project Honey Pot is a community of tens of thousands of web and email administrators from more than 170 countries around the world who are working together to track online fraud and abuse. The Project has been online since 2004 and each day receives millions of email and comment spam messages which are catalogued and shared with law enforcement and security partners. On Wednesday, December 9, 2009 at 06:20 (GMT) Project Honey Pot received its billionth email spam message. For the full article and some intersting statistics about spamming, see 1 Billion Spammers Served."
Vietnam is now responsible for more than 10% of the worlds spam, according to threat analysis from managed security firm, Network Box. November saw malware threat levels remain consistently high with Vietnam taking the number one spam spot from last month’s chart topper, Brazil.
Gadi Evron reporting today on Dark Reading: "A National Journal Magazine article called "The Cyberwar Plan" has been making waves the last few days in our circles -- it's about how cell phone and computer attacks were used against Iraqi insurgents by the National Security Agency (NSA). Its significance is far more than just what's on the surface, however. The article describes several issues and that in my opinion confuses what matters..."
The fifth-annual survey of domain name servers (DNS) on the public Internet -- called a "Pandora's box of both frightening and hopeful results" -- was released today by The Measurement Factory in partnership with Infoblox.
Reported today on BBC: "Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules are ordinary people who send and receive payments through their bank accounts to facilitate business." Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters.
CBS's 60 Minutes aired a special report last night investigating how hackers can get into the computer systems that run crucial elements of the world's infrastructure, such as the power grids, water works or even a nation's military arsenal. From the report: "At the Sandia National Laboratories, Department of Energy security specialists like John Mulder try to hack into computer systems of power and water companies, and other sensitive targets in order to figure out the best way to sabotage them. It's all done with the companies' permission in order to identify vulnerabilities. In one test, they simulated how they could have destroyed an oil refinery by sending out code that caused a crucial component to overheat."
According to a recent security report, Spain and the United States are the leading countries when comes to bot-infected computers. Based on data compiled from October by PandaLabs, the research arm of Panda Security, an alarming 44.49% of computers in Spain are infected with bots and United States -- a long way behind -- at 14.41%, followed by Mexico 9.37% and Brazil 4.81%. Countries least infected include Peru, the Netherlands and Sweden, all with ratios under 1 percent.
Sophie Curtis of eWeek reports: "Researchers have discovered a hole in the secure sockets layer (SSL) protocol, enabling man-in-the-middle attackers to hack into secure applications despite traffic encryption. According to security researcher Chris Paget, hackers can exploit this flaw by breaking into shared hosting environments, mail servers and databases, and inserting text into encrypted traffic as it passes between two end users. This could lead to fragmentation of SSL transactions, giving hackers the opportunity to inject false commands such as password resets into communications which are otherwise encrypted."
Department of Homeland Security (DHS) Secretary Janet Napolitano today opened the new National Cybersecurity and Communications Integration Center (NCCIC) — a 24-hour, DHS-led coordinated watch and warning center that will improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure.
A new phishing survey released by the Anti-Phishing Work Group (APWG) reveals that the longevity of phishing Web sites dropped by 25 percent over the last year. The survey has also revealed that a single criminal syndicate dubbed "Avalanche" was responsible for nearly one quarter of all phishing attacks in the first half of 2009. Indications are that the gang is continuing to claim a larger proportion of all detected phishing attacks.
Lisa Schlein of the Voice of America reports: "A new system for tackling the growing number of Global Cyber Attacks has been unveiled at ITU Telecom World 2009, a mammoth exhibition, which showcases the latest advances in ICT or information and communications technology. The International Telecommunications Union, which is sponsoring the event, has put global cyber security at the heart of its agenda. 'As you well know, the next world war could happen in the cyber space and that would be a catastrophe,' said ITU secretary-general, Hamdoun Toure."
A World-Renowned Source for Internet Developments. Serving Since 2002.