Cybersecurity |
Sponsored by |
|
I read an interesting article in the Wall Street Journal today entitled Cyber Criminals Sniff out Vulnerable Firms. It's a story of a small business owner in New York whose company was broken into by cyber criminals and stole $1.2 million from its bank accounts, although the owner was able to later recover about $800,000 of that. The moral of the story is that small businesses feel like they are not a major target for online thefts like these. more
Declan McCullagh recently opined that the "FBI [and the] DEA warn [that] IPv6 could shield criminals from police." His post was picked-up relatively widely in the past few days, with the headlines adding more hyperbole along the way. So just how real is this threat? Let's take a look. more
ICANN Compliance now has two conflicting answers on record concerning the enforceability of RAA 378 on WHOIS inaccuracy. This is a topic of extreme importance and one we are trying to get to the bottom of. ...inconsistency needs to be resolved as it directly impacts the current RAA negotiations and certainly before new gTLDs are deployed. more
According to press reports, DHS is going to require federal computer contractors to scan for holes and start patching them within 72 hours. Is this feasible? It's certainly a useful goal. It's also extremely likely that it will take some important sites or applications off the air on occasion - patches are sometimes buggy (this is just the latest instance I've noticed), or they break a (typically non-guaranteeed or even accidental) feature that some critical software depends on. more
At the end of January, the DMARC (Domain-based Message Authentication, Reporting & Conformance) specification was publicly announced and resulted in widespread media coverage, blog posts and discussion. Since that time various individuals and organizations have been working on writing code for DMARC validators and report parsers. The dmarc-discuss list has been fairly active as various questions and issues have been raised and clarified. Now it is time to see how well the various implementations play together in live testing. more
For two things that would seem to be completely unrelated there is an interesting parallel between IPv6 and DNSSEC. In both cases there is a misalignment of interests between content providers and service?providers. Content providers aren't highly motivated to deploy IPv6 because only a small proportion of users have v6 connectivity and even fewer only have v6. Service providers aren't anxious to deploy IPv6? because there isn't a lot of content on v6, and virtually none exclusively on v6 - so they don't expand the universe of interesting stuff on the web by deploying IPv6. Basically the same things could be said about DNSSEC. more
The technical press is full of reports about the leak of a hashed password file from LinkedIn. Worse yet, we hear, the hashes weren't salted. The situation is probably both better and worse than it would appear; in any event, it's more complicated. more
This may or may not come as a shock to some of you, but ICANN's contract with the Domain Name Registrars, in terms of WHOIS inaccuracy is not enforceable. Bear with me. The ability of ICANN to enforce against a Registrar who fails to correct or delete a domain with false WHOIS does not exist. more
Crime, fraud, scams etc., they're all very bad things. They're also not going to go away anytime soon. As a domain name registrar and hosting provider we're constantly "at risk", as we sell a lot of services that are both cost-effective and also give criminals the tools they need to attack 3rd parties. Again, this isn't exactly news. We've always taken a very pro-active approach to dealing with criminal activity and network abuse... But recently I've been losing sleep. more
Only two years after signing the DNS root zone, the powerful lure of a secure global infrastructure for data distribution is starting to reveal itself. It is illustrated clearly by two proposed technical standardizations that seek to leverage secure DNS. To some degree these developments highlight the strength of DNS institutions and how they might fill gaps elsewhere in the Internet's governance. But an increasing reliance upon and concentration of power in the DNS also makes getting its global governance correct even more important. more
Eugene Kaspersky has warned global leaders that the world needs international agreements about cyber-weapons in the same way as it needs agreements about nuclear or biological weaponry. The chairman and chief executive officer of Kaspersky Lab, warned delegates at CeBIT Australia that cyber-warfare and terrorism was the number one internet threat facing the world today. He said the Stuxnet industrial virus had demonstrated that cyber-weapons were capable of damaging physical infrastructure, and were "a thousand times cheaper" to develop than conventional weaponry. more
Mobile networks aren't usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are. This is counter intuitive at first glance because when most people think of mobile they think of smartphones, and those aren't known to be sources of spam (at least not yet). What's really going on is PCs connected to mobile networks with air cards, or tethered with a smartphone where it's permissible, are the culprits more
I first became familiar with DNSSEC around 2002 when it was a feature of the Bind9 server, which I was using to setup a new authoritative DNS platform for customers of the ISP I was working for. I looked at it briefly, decided it was too complex and not worth investigating. A couple of years later a domain of a customer got poisoned in another ISPs network. And while the DNS service we provided was working properly, the customers impression was we hadn't protected them. more
DNSSEC continues to gain momentum as network operators and domain owners watch and learn from early adopters. The learning process is made easier by efforts such as the ongoing work conducted by researchers at Sandia labs to methodically identify and categorize the kinds of problems that are occurring. more
In case you haven't been watching cyber news recently, last week various security researchers published that Macs were infected by the Flashback Trojan and that the total number of infections worldwide was 600,000. This number was published by a couple of blogs. I debated writing about this topic since we had a previous Mac outbreak last year that initially spiked up, caused Apple to go into denial about the affair before issuing a fix, and then the malware kind of went away. Will this follow the same pattern? more
A World-Renowned Source for Internet Developments. Serving Since 2002.