Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more
Today in Indonesia, media leaders gathered at UNESCO's World Press Freedom Day event issued the "Jakarta Declaration" calling on governments of the world to recognize the importance of a free and independent media in creating "peaceful, just and inclusive societies". The declaration calls on governments to take steps to support the freedom of the press, and, in the midst of the many actions was this statement: Recognise the legitimacy of the use of encryption and anonymisation technologies more
In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more
For the non-state actors who are making efforts to approach cybersecurity issue in a different and creative way, the state actors, however, have given clear signs that they have exhausted their patience and insisted on doing things alone by bringing traditional old tricks back into cyberspace. This is exemplified in the bilateral meeting of two cyber sovereigntists - the Chinese and U.S. presidents on April 6-7, and in the multilateral G7 Declaration on Responsible States Behavior in Cyberspace on April 11. more
As G20 leaders from around the world gather this week, Germany wants them to agree to a concrete plan -- one that includes affordable Internet access across the world by 2025, common technical standards and a focus on digital learning. Today, the G20 economies, like so many other economies around the world, are digital and interconnected. Digital services have opened up new avenues for sustainable economic growth. more
ICANN's WDPRS system has been defeated. The system is intended to remove or correct fraudulently registered domains, but it does not work anymore. Yesterday I submitted a memo to the leadership of the ICANN At-Large Advisory Committee (ALAC) and the greater At-Large community. The memo concerns the details of a 214-day saga of complaints about a single domain used for trafficking opioids. more
On 6 March 2017, ICANN's GDD finally responded to an applicant letter written on 14 August 2016 to the ICANN Board. This was not a response from the ICANN Board to the letter from 2016 but a response from ICANN staff. The content of this letter can best be described as a Null Response. It reminded the applicants that the Board had put the names on hold and was still thinking about what to do. more
As you've probably read, WikiLeaks has released a trove of purported CIA documents describing their hacking tools. There's a lot more that will be learned, as people work their way through the documents. For now, though, I want to focus on something that's being misreported, possibly because of deliberately misleading text by WikiLeaks itself. Here's the text from WikiLeaks... more
Microsoft's call for a Digital Geneva Convention, outlined in Smith's blog post, has attracted the attention of the digital policy community. Only two years ago, it would have been unthinkable for an Internet company to invite governments to adopt a digital convention. Microsoft has crossed this Rubicon in global digital politics by proposing a Digital Geneva Convention which should 'commit governments to avoiding cyber-attacks that target the private sector or critical infrastructure or the use of hacking to steal intellectual property'. more
China's newly released International Strategy on Cyberspace is marked by three distinctive layers with different degree of priority: (1) sovereignty (or cybersecurity, or UN Charter), (2) globalization (or digital economy, or WTO rules), and (3) fundamental freedoms (or human rights, or UDHR). The good point of the strategy is that it tries to make the three layers peacefully co-exist in one document. The failure, however, lies in the intentional ranking of relevance/importance of the three layers... more
The Internet is a great success and an abject failure. We need a new and better one. Let me explain why. We are about to enter an era when online services are about to become embedded into pretty much every activity in life. We will become extremely dependent on the safe and secure functioning of the underlying infrastructure. Whole new industries are waiting to be born as intelligent machines, widespread robotics, and miniaturized sensors are everywhere. more
Let's be honest about it. Nobody -- including those very clever people that were present at its birth -- had the slightest idea what impact the internet would have in only a few decades after its invention. The internet has now penetrated every single element of our society and of our economy, and if we look at how complex, varied and historically different our societies are, it is no wonder that we are running into serious problems with the current version of our internet. more
Several years ago, vulnerability disclosure programs, also called "bug bounty" programs, were novel and eyed with suspicion. Given sensitivities and potential liabilities, companies are wary of public disclosure and hackers seeking to exploit research. When a hacker presented a flaw to a company, the company was more likely to be concerned about taking legal action than making a public announcement or offering a reward. That is changing. more
Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more
What will the Internet look like in the next seven to 10 years? How will things like marketplace consolidation, changes to regulation, increases in cybercrime or the widespread deployment of the Internet of Things impact the Internet, its users and society? At the Internet Society, we are always thinking about what's next for the Internet. And now we want your help! more
A World-Renowned Source for Internet Developments. Serving Since 2002.