Cybersecurity |
Sponsored by |
|
NIST has released a revised FIMSA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011. more
Looking back at 2010, here is the list of top ten most popular news, blogs, and industry news on CircleID in 2010 based on the overall readership of the posts (total views as of Jan 1, 2011). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2011. Happy New Year! more
DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week. more
For an organization where people argue for hours over arcane minutiae, it's remarkable that virtually everyone agrees that ICANN should serve the "global public interest" and build "consumer trust" in the Internet. Although it's only three pages long, ICANN's Affirmation of Commitments (AoC) cites "public interest" five times and "consumer trust" eight times. So at the ICANN meeting today in Cartagena, Colombia, a group of participants explored ways to "institutionalize" these concepts within the organization. more
In this part I want to focus on the gathering of cyber crime data. Are there best practices in the world on how cyber crime data is reported to law enforcement and aggregated to show the impact of said crime? Previously the discussion focused on the fact that cyber crime = crime and on a basic cyber (crime) training for every police officer. From the reactions this received, it is clear that some people see this as a possible solution. more
The past couple of weeks have been pretty seminal for anyone concerned about the state of Internet security and the bigger picture as to how much we could - do - and should - trust the Web. These two strange words - WikiLeaks and Stuxnet - have suddenly entered our lexicon and there is a lot to be concerned about in the world of smart grid. more
The most effective early email-borne viruses didn't need botnets. They didn't change your computer settings, or steal your login credentials. And they somehow convinced regular users to help them spread. The first warnings about the Good Times virus began to appear in November of 1994, and by December the warnings were seen all over as people did what the warning said, and forwarded it to all their friends. There was another outbreak the following March... more
The security vendor-phobe at the head of the conference bangs on the podium with his shoe declaring that "The greatest threat comes from within! (buy our product for your network's salvation)." Fear as a marketing strategy can never be underestimated. Particular when the fear is of the misunderstood. Media helps stoke the flames of fear-marketing with stories of fired or disgruntled IT staff who reportedly effectuate their revenge on former employers by bricking systems. more
Anti-spam and malware enforcement agency ACMA reports on this (shocking high?) figure. Keep this up and ca. 50% of the Australian population is infected within a year. I remember a presentation from Sweden only a few years ago, that there were only a little over a thousand infected pc's in Sweden. (Reactions were: that can't be correct. Too low) Do you know what the numbers are for your country and maybe more importantly what your government and/or Industry is/are doing about it? more
In the midst of "Cyber Monday", the day traditionally seen as one of the year's busiest days for online shopping, it is only appropriate to examine the importance DNS plays for online economies. With DNS being at the heart of Internet connectivity it is easy to understand why DNS is important to the growing health of economies whose online health in dollars and euros rest in the billions. more
I'm sure many of you are familiar with the targeted ESP phishing attack that has been ongoing for almost a year now and has led to multiple known ESP system breaches. Return Path was recently a victim of this same attack... In short, a relatively small list of our clients' email addresses was taken from us, meaning those addresses are now the targets of the phishing campaign that are intended to compromise those client systems. more
The European Commission is apparently considering the promulgation and adoption of a directive that would, at least in part, criminalize botnets. As I understand it, the premise behind adopting such a directive is that since botnets are capable of inflicting "harm" on a large scale, we need to separately criminalize them. I decided to examine the need for and utility of such legislation in this post. more
The public is taking an increasing interest in ensuring that IT assets of federal agencies are protected from cybersecurity attacks. FISMA is addressing this concern, in part, by initiating a standard setting process for continuous monitoring. The actions taken by NIST for the federal sector could have a very significant impact on the private sector because pending legislation would provide the federal government with the authority to mandate cybesecurity measures on the private sector. more
An industry professional at Abusix is the backbone behind a proposal to improve and create better mitigation of abuse across different global internet networks. Basically, this introduces a mandatory "abuse contact" field for objects in global Whois databases. This provides a more efficient way for abuse reports to reach the correct network contact. Personally - as a Postmaster for a leading, white-label ISP, I applaud this with great happiness for multiple reasons. I also feel people who handle abuse desks, anti-abuse roles, etc. should closely follow this. more
McAfee, Inc. today unveiled its McAfee Threats Report: Third Quarter 2010, which uncovered that average daily malware growth has reached its highest levels, with an average of 60,000 new pieces of malware identified per day, almost quadrupling since 2007. At the same time, spam levels decreased in volume this quarter, both globally and in local geographies. Spam hit a two year low this quarter while malware continued to soar. More than 14 million unique pieces of malware were identified in 2010, one million more than Q3 2009. more
A World-Renowned Source for Internet Developments. Serving Since 2002.