Cybersecurity

Crypto War III: Assurance

For decades, academics and technologists have sparred with the government over access to crypographic technology. In the 1970s, when crypto started to become an academic discipline, the NSA was worried, fearing that they'd lose the ability to read other countries' traffic. And they acted. For example, they exerted pressure to weaken DES... The Second Crypto War, in the 1990s, is better known today, with the battles over the Clipper Chip, export rules, etc. more

The Recent and Rapid Evolution of DDoS Attacks

In October of 2016 the Mirai botnet came thundering onto the internet landscape. A digital Godzilla, a DDoS King Kong, this Internet of Things-powered behemoth began smashing DDoS attack records, online powerhouses like Reddit, Etsy, Spotify, CNN and the New York Times crumbling under its fists. When the dust had settled, and services had been restored, one thing seemed certain: a new era of DDoS attacks was upon us. Mirai was terrifying as a botnet but even worse as a harbinger. more

Takeaways from the DNS-OARC’s 28th Workshop

March has seen the first of the DNS Operations, Analysis, and Research Center (OARC) workshops for the year, where two days of too much DNS is just not enough! These workshops are concentrated within two days of presentations and discussions that focus exclusively on the current state of the DNS. Here are my impressions of the meeting. more

Women in Security Organize New Conference in Reaction to RSA’s Lack of Female Speaker Inclusion

RSA, one of the largest cybersecurity conferences, has been criticized for booking only one female keynote speaker this year who is Monica Lewinsky. more

IPv6, 5G and Mesh Networks Heightening Law Enforcement Challenges, Says Australian Government

In a submission to the Joint Committee on Law Enforcement's inquiry into Impact of new and emerging information and communications technology, the Department of Home Affairs and Australian Criminal Intelligence Commission (ACIC) warn law enforcement will be degraded by a number of new technologies. more

Significant Changes Underway for Core Internet Protocols

Significant changes to the core Internet protocols are underway due to the increased necessity to overcome limits that have become apparent particularly with regards to performance. more

Usenet, Authentication, and Engineering (or: Early Design Decisions for Usenet)

A Twitter thread on trolls brought up mention of trolls on Usenet. The reason they were so hard to deal with, even then, has some lessons for today; besides, the history is interesting. (Aside: this is, I think, the first longish thing I've ever written about any of the early design decisions for Usenet. I should note that this is entirely my writing, and memory can play many tricks across nearly 40 years.) more

U.S. Government Officials Raise Concerns Over Intel’s Long Delay Informing Government on Chip Flaws

Latest reports suggest Intel Corporation did not inform U.S. cyber security officials about the so-called Meltdown and Spectre chip security flaws until they were leaked to the public six months after Intel was notified about the problem. more

SEC Reinforces and Expands Its Cybersecurity Guidance for Public Companies

The Securities and Exchange Commission has issued an updated guidance for public companies in preparing disclosures about cybersecurity risks and incidents. more

Report Estimates Cybercrime Taking $600 Billion Toll on Global Economy

Cybercrime is costing businesses close to $600 billion, or 0.8 percent of global GDP, according to a report released today by McAfee, in partnership with the Center for Strategic and International Studies (CSIS). more

Hackers Use Tesla’s Amazon Cloud Account to Mine Cryptocurrency

Tesla's cloud environment has been infiltrated by hackers and used to mine cryptocurrencies, researchers have discovered. Other victims include Aviva and Gemalto. more

Botnets Shift Focus to Credential Abuse, Says Latest Akamai Report

Akamai's Fourth Quarter, 2017 State of the Internet, was released today in which it states that the analysis of more than 7.3 trillion bot requests per month has found a sharp increase in the threat of credential abuse, with more than 40 percent of login attempts being malicious. more

Hackers Earned Over $100K in 20 Days Through Hack the Air Force 2.0

HackerOne has announced the results of the second Hack the Air Force bug bounty challenge which invited trusted hackers from all over the world to participate in its second bug bounty challenge in less than a year. more

The New State Department Cyberspace Bureau: from Multilateral Diplomacy to Bilateral Cyber-Bullying

These days in Washington, even the most absurd proposals become the new normal. The announcement yesterday of a new U.S. State Department Cyberspace Bureau is yet another example of setting the nation up as an isolated, belligerent actor on the world stage. In some ways, the reorganization almost seems like a companion to last week's proposal to take over the nation's 5G infrastructure. Most disturbingly, it transforms U.S. diplomacy assets from multilateral cooperation to becoming the world's bilateral cyber-bully nation. more

Gold Dragon Helps Olympics Malware Attacks Gain Permanent Presence on Systems, Reports McAfee

A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. more