Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Dennis Fisher of Thread Post reports: "The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the criminals have taken the next step and begun setting up their own virtual data centers." more
A big security news event last night and today is that the Twitter.com Web site was hacked and content on the site replaced. TechCrunch reported it and it has been picked up globally. But - was the Twitter.com website really hacked? We now know it was not so. There are four ways that users typing in Twitter.com would have seen the Iranian Cyber Army page. more
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable... It's often said that there are too many different organizations working on the overlapping areas of abuse, trust, and related issues. I believe the collaborative approach MAAWG has chosen will bridge these gaps. more
Anyone who reads the papers sees stories -- or hype -- about cyberwarfare. Can it happen? Has it already happened, in Estonia or Georgia? There has even been a Rand Corporation study on cyberwarfare and cyberdeterrence. I wonder, though, if real cyberwarfare might be more subtle -- perhaps a "cyber cold war"? more
Reported today on BBC: "Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules are ordinary people who send and receive payments through their bank accounts to facilitate business." Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters. more
There are thousands of articles perpetuating the claim that China is out to get us on the Internet. And yet, all these discussions are begging the question, is it China attacking? Also, are they even the "usual suspects"?
While I can point to real facts of China making active use of information warfare, cyber warfare, or whatever else you choose to call it (such as the release of 0 days being patched by Microsoft and originally reported by the Taiwanese government, search Microsoft's site), I can also point to Germany (intelligence Trojan horse), the US (The Farewell Dossier) and other countries such as North Korea (without much detail, so questioned)... more
Over the past few years, we have seen a plethora of over-hyped articles in the popular press and blogosphere crowing wrong-headedly about how 'email is dead'. Social networks like Facebook and Twitter, new and as-yet unproven technologies are the supposed death-knell for our old reliable friend, e-mail. I wrote about the rumours of email's death being exaggerated back in 2007 in response to such inanity. Since then, we've seen such a cornucopia of silliness of the 'Such & such is killing email' variety that Mark Brownlow compiled a bunch of articles, and their rebuttals at his excellent site... more
Banks love it when their customers do their transactions on line, since it is so much cheaper than when they use a bank-provided ATM, a phone call center, or, perish forbid, a live human teller. Customers like it too, since bank web sites are usually open 24/7, there's no line and no need to find a parking place. Unfortunately, crooks like on line banking too, since it offers the possibility of stealing lots of money. How can banks make their on line transactions more secure? more
On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The following is an excerpt from the SIR, pp 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors. more
For years now, there have been calls for a high-level cybersecurity official, preferably reporting directly to the president. This has never happened. Indeed, there is a lot of unhappiness in some circles that President Obama has not appointed anyone as "czar" (or czarina), despite the early fanfare about the 60-day cybersecurity review. There are many reasons why nothing has happened... more
With the loud crashing of a traditional drum ceremony and an impromptu electric guitar performance by a young Korean whose rendition of Pachabel has been downloaded sixty million times on YouTube, the 36th meeting of ICANN was kicked off this morning (Korean time) by new CEO Rod Beckstrom and his fellow Directors and assembled one thousand or so participants. ICANN has always been about change, but the atmosphere in Seoul this week is charged with a sense of new challenges and new opportunities. more
Internationalized Domain Names or IDNs are back in the news. ICANN recently released a document entitled "Proposed Final Implementation for IDN ccTLD Fast Track Process"... In a nutshell, ICANN has now offered a path toward authorizing the adoption of ccTLDs in many countries' native languages. This marks a welcome advance for millions of Internet users who do not speak English or who do not use another language covered by ASCII. But with this advance comes some concerns. more
There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: using Secure Socket Layer (SSL), or using DNS Security Extensions (DNSSEC). The answer is quite simple -- you should use both. The reason for this is that they solve different problems, using different methods, and operate over different data. more
One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more
Discussions around DNSSEC are so often focused on the root, the attacks, what DNSSEC does and doesn't do and so on -- and these are all valid and important points. But there is far less attention focused on the opportunities that will surface from an authenticated internet. ...DNSSEC is becoming more of a reality now -- rather than a technical discussion which has been stuck in the mud for 15 years. We can now begin to think about new opportunities to build from a secure DNS, opportunities that build on the certainty that you have arrived at the correct website. Today, you can't be sure. more
A World-Renowned Source for Internet Developments. Serving Since 2002.