Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
The Anti-Phishing Working Group has released its latest Global Phishing Survey, written by myself and Rod Rasmussen. This report comprehensively examines a large data set of more than 250,000 confirmed phishing attacks detected in 2015 and 2016. By analyzing this cybercrime activity, we have learned more about what phishers have been doing, and how they have done it. Unfortunately, there's more phishing than ever, and phishers are registering more domain names than ever. more
Over the last couple of years, the networking industry has grown aware of the various security issues that could potentially have a huge impact on their operations. One of the topics that has raised in appeal is DNS security. Considering that much of the publicity around DNS is made by vendors trying to differentiate their solutions, there are many misconceptions out there that guide people into making poor investment in their infrastructure. more
I have recently been a "victim" of the domain name tasting "scam". A domain name (.COM) which is related to me personally (and which was owned by someone else previously) expired and as I knew from Whois (which is another debate on its own) that the expiry date was coming up, I kept a watch on when it would become available so I could register it. To cut a long story short, it took me nearly 6 weeks to get the domain. Each time the domain dropped off the 5 day grace period (it is not really something that would generate ad revenue), it would be picked up by a different registrant... more
In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability was quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors... more
When rolling out a new protocol such as IPv6, it is useful to consider the changes to security posture, particularly the network's attack surface. While protocol security discussions are widely available, there is often not "one place" where you can go to get information about potential attacks, references to research about those attacks, potential counters, and operational challenges. more
The traditional network operators see OTT services as a threat, and the companies offering them are perceived to be getting a free lunch over their networks - they are calling for international regulation. In particular, the European telcos (united in ETNO) have been claiming that this undermines their investment in infrastructure and they want to use the WCIT conference in Dubai later this year to lobby for regulatory changes that would see certain levies being levied - something that is strenuously opposed by, among others, the USA and the APAC countries. more
Deep Blue Cable is planning a Caribbean cable - phase one, the solid line shown on the map, bypasses Cuba but phase two shows two Cuban landing points. The phase two cities are not shown, but one appears to be near Havana and the other near Playa GirĂ³n. The phase one route survey is underway. Cable installation will begin in September 2018, and it is scheduled to be ready for service in December 2019. more
When visiting a friend in the UK in my student days some decades ago, he asked me at one point in time if I had some coins to keep the electricity meter going. This was the first and last time I saw a coin activated electricity meter. In my mind, prepaid electricity now essentially belonged to a distant past when Scrooge like landlords would make sure renters did not disappear without paying their electricity bills. more
Harm caused by domain name typosquatting is still modest, to both the user and the brand holder, and investment on anti-typosquatting products should be cautious, according to a paper published in Security and Privacy (SP), 2015 IEEE Symposium titled, "Every Second Counts: Quantifying the Negative Externalities of Cybercrime via Typosquatting." The paper presents a strategy for quantifying the harm caused by the cybercrime of typo squatting via an intent inference technique. more
In the ICANN world, our relations are often a little tumultuous, as policy-making bodies can be. As I look back on my experiences over the last decade at ICANN (and many committees, working groups and task forces), one stands out for its quality, dedication, professionalism and hard work. That's the Special Trademarks Initiatives Working Team, or the STI. I was proud to be a part of the Team as an Non-Commercial Stakeholders Group (NCSG) representative, and this tribute reflects my high regard for the Team and the recommendations it produced. more
The IGF this morning published a number of reports, including the aforementioned one, at the URL provided, titled 'IGF 2015 Best Practice Forum Regulation and mitigation of unsolicited communications.' The reports can be found in the included URLs on the IGF Website. more
I approach the mic. As the adrenalin kicks in, my hands begin to slightly tremble. Eyes dart at me, anticipating my imminent speech. I glance at the scribbled text in my notebook to review the key points I hastily made; breathe in, exhale. I look up; the total silence is punctured by my poised words: "My name is Michael Oghia, and I am an Internet Society Ambassador." more
How do we get more feedback from the operators of networks back into the standards process of the Internet Engineering Task Force (IETF)? How do we help know whether the open standards being developed within the IETF reflect the operational realities of the networks into which those standards will be deployed? If we could get more network operators participating in the IETF standards process, would that result in better standards that are deployed faster? more
On Nov. 30 and Dec. 1, several of the Internet Domain Name System's root name servers received high rate of suspicious queries, reaching as high as 5 million queries per second, according to a report released by the Root Server System Advisory Council. The incident has been categorized as a unique type of DNS amplification attack. more
The first question I often get when talking to IT Service providers on ISO 27001 certification is: "How much does it cost to get it?" I like to reply with a question: "how much does it cost when you don't have it?" The answer to the first question is easy, the answer to the second one is more complicated. As a financial I am interested in the business case. If the cost of not having an ISO 27001 certification is higher than the cost of getting and maintaining one, you can actually make a profitable investment by getting certified. more
A World-Renowned Source for Internet Developments. Serving Since 2002.