Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
There's a bit of a debate going on about whether the Kaseya attack exploited a 0-day vulnerability. While that's an interesting question when discussing, say, patch management strategies, I think it's less important to understand attackers' thinking than understand their target selection. In a nutshell, the attackers have outmaneuvered defenders for almost 30 years when it comes to target selection. more
Over the past several months, CITP-affiliated Ph.D. student Sarthak Grover and fellow Roya Ensafi been investigating various security and privacy vulnerabilities of Internet of Things (IoT) devices in the home network, to get a better sense of the current state of smart devices that many consumers have begun to install in their homes. To explore this question, we purchased a collection of popular IoT devices, connected them to a laboratory network at CITP, and monitored the traffic that these devices exchanged with the public Internet. more
After the botched burglary at the Watergate Apartments, every scam and scandal that hit the headlines became a 'gate' -- Irangate, Contragate, you name it. The Heartbleed bug is possibly the closest thing to Watergate that this generation of computer security had seen till the past few days -- an exploit in a component that is "just there" -- something you utterly rely on to be there and perform its duties, and give very little thought to how secure (or rather, insecure) it might be. So, fittingly, every such catastrophic bug in an ubiquitous component is now a 'bleed'. more
New generic Top-Level Domains (gTLDs) appear to be headed for introduction next year, finally. That's a good thing for many ICANN constituents who have been waiting for them to become available. Important questions persist about how new gTLDs will affect ICANN and its constituents, however, despite a lot of effort to resolve concerns. Pressing those questions should not be taken as criticism of the basic wisdom of making new gTLDs available to many constituents under many circumstances. But too much is at stake not to get it right. more
ICANN has posted a request by Afilias for a new registry service in relation to "abusive" domains in dot-info. While in general the proposal is motivated by good intentions, the devil is in the details. While most folks (including myself) probably care very little about the .info TLD, my concern is that any bad implementation in .info might be copied or used as a precedent in other more important TLDs, in particular .com run by VeriSign. more
Last December I wrote about Mark Mumma, who runs a small web hosting company in Oklahoma City and his battle with Omega World Travel a/k/a cruise.com. Mumma lost his CAN SPAM suit agains them in December, but Omega's countersuit for defamation went to trial last week, and I hear that the jury awarded Omega $2.5 million in damages, which Mumma is not likely to be able to pay. This may be painted in some circles as a huge defeat for anti-spam activists, but it's not... more
In 2002, VeriSign, the registry for .COM and .NET domain names, proposed the idea of a centralized, registry-level "wait list" for currently registered domain names. The system would let anyone around the world get "next in line" for a name that is registered now but may become available later.
This new registry service, titled Wait List System (or WLS), would augment what is now an ad-hoc group of registrar-level services that are useful, but aren't always fully dependable or even available to the general public. more
The first part of a multi-part series report by ICANNfocus. This part discusses the history of the data quality act. "The Center for Regulatory Effectiveness (CRE) has determined that ICANN is subject to the Data Quality Act. Specifically, because ICANN carries out the technical management of the internet, including the IANA function and the implementation of new top level domains, under agreement with the U.S. Department of Commerce, ICANN's information disseminations are "sponsored" by the Department and thus subject to the Act." more
At the Internet Governance Forum (IGF) 2024 in Riyadh, the Internet Standards, Security and Safety Coalition (IS3C) released a new tool: 'To deploy or not to deploy, that's the question. How to convince your boss to deploy DNSSEC and RPKI'. In this report, IS3C advocates mass deployment of these two newer generation, security-related internet standards, as their deployment contributes significantly to the safety and security of all internet users. more
Internet Corporation For Assigned Names and Numbers (ICANN) has released the following announcement today for its upcoming meetings in Kuala Lumpur, Malaysia: ICANN, the international organisation responsible for managing and coordinating the Internet's Domain Name System is meeting in Kuala Lumpur 19-24 July, amidst reports that Internet usage in Asia is growing at an increasing pace, and that ICANN's model of public-private partnership is succeeding. more
Passwords are no longer sufficient to maintain an adequate level of security for business critical infrastructure and services. Two-factor authentication should be considered the minimum acceptable level of access control. There have been two types of security stories in the technology news over the last few months that should be of particular concern to system administrators and those responsible for maintaining business network infrastructure. more
The recent tempest in a teacup on ARINs PPML list over the transfer of IP address blocks from Nortel (a company in Chapter 11) to Microsoft has some interesting Internet Governance dimensions that are yet to be discussed. One aspect that has been overlooked amidst all the sound and fury, is the governmental perspective on IP address transfers. more
Last night Intelligence Squared and Neustar conducted a fascinating, Oxford style debate on whether the threat of cyber war has been exaggerated. A packed house at the Newseum in Washington, DC heard four cyber heavyweights go toe-to-toe verbally both for and against the proposition that the threat has been exaggerated. more
Leading Moscow-based anti-virus software provider Kaspersky Lab is planning to open a data center in Switzerland to address Western government concerns that Russia exploits its anti-virus software to spy on customers, according to a report from Reuters on Wednesday. more
New research has uncovered evidence of spammers establishing their own fake URL-shortening services for the first time. According to the latest MessageLabs Intelligence report, shortened links created on these fake URL-shortening sites are not included directly in spam messages; instead, the spam emails contain shortened URLs created on legitimate URL-shortening sites. "Rather than leading directly to the spammer's final Web site, these links actually point to a shortened URL on the spammer's fake URL-shortening Web site, which in turn redirects to the spammer's final Web site." more
A World-Renowned Source for Internet Developments. Serving Since 2002.