Cybersecurity |
Sponsored by |
Two recent celebrated cybersecurity standards history events brought together sets of people who were intimately involved with some of the most significant network security standards work ever undertaken. These included the X.509 digital certificate standards at ITU X.509 Day, and the Secure Digital Network System (SDNS) standards at the NSA Cryptologic History Symposium 2022. more
On Monday May 23 2022 at 3 -- 5pm EEST (12:00 -- 14:00 UTC) the Finnish Internet Forum will convene a panel at the University of Helsinki with the topic 'Internet and War'. A panel of experts will address the question of how the war has affected the Internet and how the Internet has been used to influence Finland and elsewhere during the war. The event will be conducted in English. more
The approval on 13 May by the European Council and Parliament of a near-final draft Directive on European Cybersecurity (NIS2) brings the world's most far-reaching cyber regime closer to realization. What is generally unknown, however, is the broad scope and global extraterritorial jurisdiction reach of the Directive. It applies to almost every online service and network capability that exists as infrastructure or "offered" anywhere in Europe. more
A web domain name is the foundational piece of internet property allowing its owner (registrant) to construct and host an associated website. On a domain, the owner is also able to construct whatever subdomains they wish -- a process that is technically achieved via the configuration of records on the authoritative domain name system (DNS) server. more
Nowadays, with increasing digitalization and internet usage, email is a central communication tool. This holds true even despite the high popularity of instant messaging apps and social media. Email remains the favorite means of business communication worldwide, both in B2B and B2C. In 2019, 293.6 billion emails were sent and received. By 2025, this number will grow even more. It is predicted that we will send and receive 376.4 billion emails per day. In this scenario, implementing security features for email communications has become absolutely essential. more
The cybercrime legal community from around the globe is meeting under the aegis of the Council of Europe (COE) to hold the annual Cooperation against Cybercrime conference dubbed Octopus 2021. It is also celebrating the 20th anniversary of the Cybercrime Convention treaty signed in November 2001 in Budapest. Not celebrated and little known, however, is the Stanford Draft -- A Proposal for an International Convention on Cyber Crime and Terrorism -- and the initiative begun in 1997 which brought about that draft treaty instrument. more
A substantial amount of DNS community discussion on the topic of DNS Abuse is focused on defining what is or is not DNS Abuse. The definition adopted by ICANN contracted parties, as well as the DNS Abuse Institute, is straightforward: DNS Abuse is malware, botnets, pharming, phishing, and spam where it's a vehicle for the preceding harms. There is, of course, some fuzziness on the margins, where technical harms are also using content. more
There's a bit of a debate going on about whether the Kaseya attack exploited a 0-day vulnerability. While that's an interesting question when discussing, say, patch management strategies, I think it's less important to understand attackers' thinking than understand their target selection. In a nutshell, the attackers have outmaneuvered defenders for almost 30 years when it comes to target selection. more
Phishing scams are nothing new in the online security world and show no signs of subsiding. The scam starts when a fraudster sends a communication purporting to originate from a trusted provider and encourages the recipient, often with a conveyed sense of urgency, to click a link. That link leads to a fake site, usually intended to collect confidential login credentials or other personal information. In similar scams, the mail may encourage the recipient to open an attachment loaded with malicious content. more
In January Jörg Schweiger, DENIC's CTO from 2007 to 2014 and CEO since 2014, announced he was stepping down from his position in December. It's been quite a ride, and the domain name industry has evolved quite a lot. So we asked Jörg a few questions about his time with DENIC and the changes he's seen... he came up with some insightful views on why he thought new TLDs missed a great opportunity to do something with "innovative new business models," the importance of security to DENIC... more
Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more
Many in the network security field may be familiar with the phrase: "It's always DNS." This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more
Yesterday, The Epoch Times reported on leaked internal Chinese government documents revealing that premier Xi Jinping has "personally directed the communist regime to focus its efforts to control the global Internet, displacing the influential role of the United States." Xi's ultimate aim is for the Chinese Communist Party (CCP) to wield "discourse power" over communications and discussions on the global geopolitical stage by controlling content on the Internet. more
Over the last few years, it's become clear that abuse of the Domain Name System -- whether in the form of malware, botnets, phishing, pharming, or spam -- threatens to undermine trust in the Internet. At Public Interest Registry, we believe that every new .ORG makes the world a better place. That means anything that gets in the way of that is a threat, and that includes DNS Abuse. more
Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more