Cybersecurity

Cameras, DVRs Used for Massive Cyberattack on French Hosting Company and Others

"Hackers infect army of cameras, dvrs for massive internet attacks," reports Drew Fitzgerald in the Wall Street Journal. more

Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastructure

There is no network security technology more ubiquitous than the firewall. With nearly three decades of deployment history and a growing myriad of corporate and industrial compliance policies mandating its use, no matter how irrelevant you may think a firewall is in preventing today's spectrum of cyber threats, any breached corporation found without the technology can expect to be hung, drawn, and quartered by both shareholders and industry experts alike. more

Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2

A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016. more

US Senators in Letter to Yahoo Say Late Hack Disclosure “Unacceptable”

"A group of Democratic U.S. senators on Tuesday demanded Yahoo Inc (YHOO.O) to explain why hackers' theft of user information for half a billion accounts two years ago only came to light last week and lambasted its handling of the breach as "unacceptable," reports Dustin Volz from Washington in Reuters. more

What Trump and Clinton Said About Cybersecurity in the First US Presidential Debate

The Internet and tech got very little mention last night during the first of three presidential debatest. The only notable exception was cybersecurity where moderator Lester Holt asked: "Our institutions are under cyber attack, and our secrets are being stolen. So my question is, who's behind it? And how do we fight it?" The following are the responses provided to the question by the two candidates. more

Cybersecurity Regime for Satellites and other Space Assets Urgently Required, Warn Researchers

"A radical review of cybersecurity in space is needed to avoid potentially catastrophic attacks," warn researchers at the International Security Department of UK-based thinktank, Chatham House. more

Yahoo to Confirm Massive Data Breach, Several Hundred Million Users Exposed

"Yahoo is expected to confirm a massive data breach, impacting hundreds of millions of users," reports Kara Swisher today in Recode. more

UK’s National Cyber Security Centre Reveals Plans to Scale Up DNS Filtering

Speaking at the Billington Cyber Security Summit in Washington DC, Ciaran Martin, head of UK's Government Communication Headquarters (GCHQ) and the first Chief Executive of the new National Cyber Security Centre (NCSC), set out how the new organization will use DNS filters as part of its plan to curb cyberattacks. more

Schneier: “Someone Is Learning How to Take down the Internet”

"Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet," wrote renowned security expert, Bruce Schneier, in a piece published in Lawfare. more

U.S. Justice Department Forms Group to Study National Security Threats of IoT

"The U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools," reports Dustin Volz from Washington in Reuters" more

New York’s Department of Financial Services Issues Cybersecurity Proposal

New York state is proposing new rules requiring banks and insurance companies to establish cybersecurity programs and designate an internal cybersecurity officer. more

White House Appoints Retired Air Force General as First Cyber Security Chief

As part of its effort to improve defenses against hackers, the White House today named a retired U.S. Air Force Brigadier General Gregory J. Touhill as the first Federal Chief Information Security Officer (CISO) -- the position was announced eight months ago as part of Cybersecurity National Action Plan (CNAP). more

China Taking Steps to Show it is Responsive to Foreign Concerns on Cybersecurity

"China Sets New Tone in Drafting Cybersecurity Rules," By Eva Dou in Beijing and Rachael King in San Francisco reporting in the Wall Street Journal. more

Singapore Plans to Cut Off Internet Access for Government Agencies

"Singapore is planning to cut off web access for public servants as a defence against potential cyber attack," according to a report today in the Guardian. more

Does Apple’s Cloud Key Vault Answer the Key Escrow Question?

In a recent talk at Black Hat, Apple's head of security engineering (Ivan Krsti?) described many security mechanisms in iOS. One in particular stood out: Apple's Cloud Key Vault, the way that Apple protects cryptographic keys stored in iCloud. A number of people have criticized Apple for this design, saying that they have effectively conceded the "Going Dark" encryption debate to the FBI. They didn't, and what they did was done for very valid business reasons -- but they're taking a serious risk... more