Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
In a blog post last week, Gary Warner, director of research in computer forensics at the University of Alabama's (UAB) computer and information sciences department, wrote that it is well past time for someone to declare a "Spam Crisis in China". The warning comes along with UAB's reports that most of the spam they receive has ties to China. "It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computer in China to host their web pages." more
If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC... more
Phishing, stealing personal information by impersonating a trusted organization, is a big problem that's not going away. Most antiphishing techniques to date have attempted to recognize fake e-mail and fake web sites, but this hasn't been particularly effective. A more promising approach is to brand the real mail and real web sites. more
This is a follow-up to my previous post on Cybersecurity and the White House. It illustrates an actual cyberwarfare attack against Estonia in 2007 and how it can be a legitimate national security issue. Estonia is one of the most wired countries in eastern Europe. In spite of its status of being a former Soviet republic, it relies on the internet for a substantial portion of everyday life -- communications, financial transactions, news, shopping and restaurant reservations all use the Internet. Indeed, in 2000, the Estonian government declared Internet access a basic human right... more
New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more
A few months ago, I made a post about IPv6 security. I've caught some flak for saying that IPv6 isn't a security issue. I still stand by this position. This is not to say that you should ignore security considerations when deploying IPv6. All I claim is that deploying IPv6 in and of itself does not make an organization any more or less secure. This point was made by Dr. Joe St. Sauver, of the University of Oregon... more
According to Shanghai Daily, there has been an "organized Internet attack on Tuesday night which caused serious congestion in several provinces [in China] and left millions of users unable to gain access to the Internet." This is the first time the regulator has published news about an investigation into an online attack in China within 24 hours, says Shanghai Daily. ..."It was an attack on DNS (Domain Name System) and the carriers and related firms should do more back-up to avoid similar incidents," the ministry said in a statement. more
News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack... more
With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more
With the recent attacks against high-profile New Zealand domain names including Coca-Cola.co.nz and F-Secure.co.nz, fingers are naturally pointing to Domainz, the registrar of record for these domains, as the party responsible for this lapse in security. While domain name registrars certainly need to ensure the security and stability of their systems, domain name registries must also step up and take responsibility for mitigating risks posed by hackers... more
Four senators (Rockefeller, Bayh, Nelson, and Snowe) have recently introduced S.773, the Cybersecurity Act of 2009. While there are some good parts to the bill, many of the substantive provisions are poorly thought out at best. The bill attempts to solve non-problems, and to assume that research results can be commanded into being by virtue of an act of Congress. Beyond that, there are parts of the bill whose purpose is mysterious, or whose content bears no relation to its title. more
A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-born attack. The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security... more
NeuStar's UltraDNS faced attack on two fronts on Tuesday, March 31. One of the attacks was technical -- a massive denial-of-service attack. The second was a rather surprising opening strike from competitor Dynamic Network Services (DynDNS), which launched a full-scale (and in T1R's opinion, misguided) public relations broadside. First, to the actual denial of service attack. Contrary to many early reports, UltraDNS was not 'down' on Tuesday... more
The market has failed to secure cyberspace. A ten-year experiment in faith-based cybersecurity has proven this beyond question. The market has failed and the failure of U.S. policies to recognize this explains why we are in crisis. The former chairman of the Security and Exchange Commission, Christopher Cox, a longtime proponent of deregulation, provided a useful summary of the issue when he said, "The last six months have made it abundantly clear that voluntary regulation does not work."... more
A World-Renowned Source for Internet Developments. Serving Since 2002.