Cybersecurity |
Sponsored by |
|
Kaspersky Lab Expert, Fabio Assolini, has provided detailed description of an attack which as been underway in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, affecting 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. more
Since the inception of ITU precursors in 1850, its various bodies have treated the subject of telecommunication network security as both an obligation of signatories to the treaty instruments as well as an ongoing collaborative activity. However, what it actually did in those activities was constrained by its jurisdiction and participant competency -- which encompassed international public telecommunication services provided primarily by designated government agency service providers known as PTTs. more
Every now and again a report flies across the network about the police breaking down someone's door and attempting to arrest the home owner for bad things online - assuming that whatever happened from that person's Internet connection is their fault. Now there are lots of problems with this - lots of problems. But one of the big ones is that anyone can access an open access point... more
Reading this morning's blog from Microsoft about "Operation b70" left me wondering a lot of things. Most analysts within the botnet field are more than familiar with 3322.org - a free dynamic DNS provider based in China known to be unresponsive to abuse notifications and a popular home to domain names used extensively for malicious purposes - and its links to several botnets around the world. more
Internet Society has released a paper today highlighting the importance of understanding what is important and unchanging about the Internet. more
Many CircleID readers have been watching the acceleration of DNSSEC adoption by top level domains with great interest, and after many years the promise of a secure and trustworthy naming infrastructure across the generic and country-code domains finally seems within reach. While TLD DNSSEC deployments are major milestones for internet security, securing the top level domains is not the end goal - just a necessary step in the process. more
Cybersecurity regulation is coming. Whether regulations intended to enhance critical infrastructure protection will be based on existing statutory authority, new legislation, an Executive Order or a combination of legal authorities, however, is still unknown. Other aspects of the coming federal oversight of critical infrastructure cybersecurity that remain undetermined include the extent to which governance system will include voluntary characteristics and the time frame for initiation of new cybersecurity regulation. more
Australians may lose their right to privacy online if the attorney-general has her way. Nicola Roxon's discussion paper is before a parliamentary inquiry. Proposals include storing the social media and other online and telecommunications data of Australians for two years, under a major overhaul of Australia's surveillance laws. The government passed a toned down version of these proposals last week, giving police the power to force telcos to store data on customers for a specific period while a warrant is sought. more
The past few weeks, I've been on this security kick particularly when it comes to encryption. I'm developing my own app in my spare time. So I'm trying a whole bunch of things, no doubt making plenty of mistakes in the process. Luckily, the data I am protecting is only quasi-valuable so I can afford to take a hit due to my own conscious incompetence. Anyhow, I ran across this article on Ars Technica yesterday entitled "Why Passwords have never been weaker - and crackers have never been stronger." It's a long article and it will take you a while to read it, but here is my summary. more
While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate. more
Cybersecurity is a top-of-mind issue with calls for individual vigilance, national legislation, and international treaties to address gaps that are exploited causing significant harm and financial loss on a daily basis. The vast majority of these calls are well-intentioned though even among the best-intentioned, some are poorly directed. Such is the case with all of the proposals that would introduce security into the International Telecommunication Regulations (ITRs) of the International Telecommunication Union (ITU). more
Michael Cooney reporting in NetworkWorld: "Security researchers this week will detail a prototype system they say can better detect so-called Domain Name Generation- (DGA) based botnets such as Conficker and Kraken without the usual labor- and time-intensive reverse-engineering required to find and defeat such malware. The detection system, called Pleiades, monitors traffic below the local DNS server and analyzes streams of unsuccessful DNS resolutions..." more
Ten years ago everyone evaluating DNS solutions was always concerned about performance. Broadband networks were getting faster, providers were serving more users, and web pages and applications increasingly stressed the DNS. Viruses were a factor too as they could rapidly become the straw that broke the camel's back of a large ISP's DNS servers. The last thing a provider needed was a bottleneck, so DNS resolution speed became more and more visible, and performance was everything. more
A few weeks ago, the New York Times published an article saying that the Stuxnet worm, which infected a large number of Iran's nuclear power plants, was a joint effort between the United States and Israel. The program began under former president George W. Bush and continued under President Obama. Last month, the Washington Post ran an article saying that the US and Israel collaborated in a joint effort to develop Flame and that work included Stuxnet. more
In the past five years, cyber and telecommunications defence has left its niche market to become one of the fastest growing industries in the world. In 2011, governments, industry and ordinary computer users spent roughly £65 billion shoring up their computer networks, a figure that is predicted to double within five years. more
A World-Renowned Source for Internet Developments. Serving Since 2002.