Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
Reported today on BBC: "Police chiefs are urging people looking for work during the recession to be alert to online scams that trick them into laundering money. The Serious Organised Crime Agency (Soca) says websites are currently being used to recruit 'money mules'. The 'mules are ordinary people who send and receive payments through their bank accounts to facilitate business." Neil Schwartzman has also informed us of a related report by RSA FraudAction Research Lab based on several months of tracking various reshipping scams engineered by online fraudsters. more
There are thousands of articles perpetuating the claim that China is out to get us on the Internet. And yet, all these discussions are begging the question, is it China attacking? Also, are they even the "usual suspects"?
While I can point to real facts of China making active use of information warfare, cyber warfare, or whatever else you choose to call it (such as the release of 0 days being patched by Microsoft and originally reported by the Taiwanese government, search Microsoft's site), I can also point to Germany (intelligence Trojan horse), the US (The Farewell Dossier) and other countries such as North Korea (without much detail, so questioned)... more
Over the past few years, we have seen a plethora of over-hyped articles in the popular press and blogosphere crowing wrong-headedly about how 'email is dead'. Social networks like Facebook and Twitter, new and as-yet unproven technologies are the supposed death-knell for our old reliable friend, e-mail. I wrote about the rumours of email's death being exaggerated back in 2007 in response to such inanity. Since then, we've seen such a cornucopia of silliness of the 'Such & such is killing email' variety that Mark Brownlow compiled a bunch of articles, and their rebuttals at his excellent site... more
Banks love it when their customers do their transactions on line, since it is so much cheaper than when they use a bank-provided ATM, a phone call center, or, perish forbid, a live human teller. Customers like it too, since bank web sites are usually open 24/7, there's no line and no need to find a parking place. Unfortunately, crooks like on line banking too, since it offers the possibility of stealing lots of money. How can banks make their on line transactions more secure? more
On November 2, 2009, Microsoft released its seventh edition of the Security and Intelligence Report (SIR). The SIR provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications. The following is an excerpt from the SIR, pp 29-32, about the Conficker worm and the industry response that showed an incredible amount of collaboration across vendors. more
For years now, there have been calls for a high-level cybersecurity official, preferably reporting directly to the president. This has never happened. Indeed, there is a lot of unhappiness in some circles that President Obama has not appointed anyone as "czar" (or czarina), despite the early fanfare about the 60-day cybersecurity review. There are many reasons why nothing has happened... more
With the loud crashing of a traditional drum ceremony and an impromptu electric guitar performance by a young Korean whose rendition of Pachabel has been downloaded sixty million times on YouTube, the 36th meeting of ICANN was kicked off this morning (Korean time) by new CEO Rod Beckstrom and his fellow Directors and assembled one thousand or so participants. ICANN has always been about change, but the atmosphere in Seoul this week is charged with a sense of new challenges and new opportunities. more
Internationalized Domain Names or IDNs are back in the news. ICANN recently released a document entitled "Proposed Final Implementation for IDN ccTLD Fast Track Process"... In a nutshell, ICANN has now offered a path toward authorizing the adoption of ccTLDs in many countries' native languages. This marks a welcome advance for millions of Internet users who do not speak English or who do not use another language covered by ASCII. But with this advance comes some concerns. more
There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: using Secure Socket Layer (SSL), or using DNS Security Extensions (DNSSEC). The answer is quite simple -- you should use both. The reason for this is that they solve different problems, using different methods, and operate over different data. more
One of the bigger news stories is that of 10,000 usernames and passwords of Hotmail users were posted this past week, victims of a phishing scam... It seems unlikely to me that this would be a hack where someone would break into Hotmail's servers and access the account information that way. It is much more likely that the spammers got the information by social engineering. Why is this more likely? For one, they'd have to get past all of the firewalls and security measures that Microsoft/Hotmail have to keep intruders out. more
Discussions around DNSSEC are so often focused on the root, the attacks, what DNSSEC does and doesn't do and so on -- and these are all valid and important points. But there is far less attention focused on the opportunities that will surface from an authenticated internet. ...DNSSEC is becoming more of a reality now -- rather than a technical discussion which has been stuck in the mud for 15 years. We can now begin to think about new opportunities to build from a secure DNS, opportunities that build on the certainty that you have arrived at the correct website. Today, you can't be sure. more
Lisa Schlein of the Voice of America reports: "A new system for tackling the growing number of Global Cyber Attacks has been unveiled at ITU Telecom World 2009, a mammoth exhibition, which showcases the latest advances in ICT or information and communications technology. The International Telecommunications Union, which is sponsoring the event, has put global cyber security at the heart of its agenda. 'As you well know, the next world war could happen in the cyber space and that would be a catastrophe,' said ITU secretary-general, Hamdoun Toure." more
Ryan Naraine reporting at Threatpost: "Head of Google's anti-malvertising team Eric Davis wants Internet Service Providers (ISPs) to look beyond profits and take a more proactive approach to dealing with malware-infested computers on their networks. During a keynote presentation at the Virus Bulletin conference here, Davis said competitors in the ISP space must look beyond profits and partner on new initiatives to deal with the "parasites" that have taken control of the Internet landscape." more
Kicking off the sixth annual National Cybersecurity Awareness Month this October, the Department of Homeland Security (DHS) has urged computer users to practice good "cyber hygiene". The campaign was given a boost Wednesday when the Senate passed resolution 285 to support its goal to make U.S. citizens more aware of how to secure the internet. DHS has also announced that is has been given new authority to recruit and hire up to 1,000 cybersecurity professionals across the department to fill roles such as: cyber risk and strategic analysis; cyber incident response; vulnerability detection and assessment; intelligence and investigation; and network and systems engineering. more
Swedish Regulator PTS have today notified .SE, the Swedish (.SE) TLD registry that they have to change the rules... In short, the decision implies that any form of the sequence of the characters "b", "a", "n", "k" are illegal in domain names in Sweden. Further that checks of what domain names are registered are to be checked before registration. more
A World-Renowned Source for Internet Developments. Serving Since 2002.