Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
"We need to break down silos", is a phrase often heard in national and international meetings around cyber security and enforcing cyber crime. So it is no coincidence that at the upcoming NLIGF (Netherlands Internet Governance Forum), the IGF, but also an EU driven event like ICT 2013 have "Breaking down silos" and "Building bridges" on the agenda. But what does it mean? And how to do so?
If you haven't been reading the news of late, venerable anti-spam service Spamhaus has been the target of a sustained, record-setting Distributed Denial-of-Service (DDoS) attack over the past couple of weeks... Of course, bad guys are always mad at Spamhaus, and so they had a pretty robust set-up to begin with, but whoever was behind this attack was able to muster some huge resources, heretofore never seen in intensity, and it had some impact, on the Spamhaus website, and to a limited degree, on the behind-the-scenes services that Spamhaus uses to distribute their data to their customers.
As noted in my first article of this series (see part one, two and three), security and reliability encompass holistic network assessments, vulnerability assessments and penetration testing. This month I'd like to go deeper into penetration testing; however, first, let's go back for a quick refresh before getting started.
This post was co-authored by Sarah McKune, a senior researcher at the Citizen Lab. Public attention to the secretive world of cyber espionage has risen to a new level in the wake of the APT1: Exposing One of China's Cyber Espionage Units report by security company Mandiant. By specifically naming China as the culprit and linking cyber espionage efforts to the People's Liberation Army, Mandiant has taken steps that few policymakers have been willing to take publicly, given the significant diplomatic implications.
In part 1, I talked about some of the risks associated with BYOD. But there are actions you can take to greatly reduce this risk. One effective method for limiting the risk of BYOD is to employ DNS-based security intelligence techniques. DNS-based security intelligence makes use of an enterprise's caching DNS server to monitor and block DNS queries to known botnet command and control (C&C) domains.
On Friday 11 January 2013 the European Cybercrime Centre, EC3, officially opened its doors at Europol in The Hague. If something shone through from the speeches of the panel participants, it is that there are tight budget restraints and a strong wish to cooperate with the U.S., the Interpol centre in Singapore and Russia. Let me share my thoughts on expectations.
Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013.
Throughout the second half of 2012 many security folks have been asking "how much is a zero-day vulnerability worth?" and it's often been hard to believe the numbers that have been (and continue to be) thrown around. For the sake of clarity though, I do believe that it's the wrong question... the correct question should be "how much do people pay for working exploits against zero-day vulnerabilities?"
Yesterday, in my post on three new threats in one day, I posed the question whether it was necessary to develop regulations that would set a minimum standard on cyber security for devices that connect to the Internet. I'm having second thoughts here, which I'll explain in this post, but also try to look at a way forward and ask you to engage.
Internet crooks never cease to surprise me. The inventiveness in being bad is super. If these guys lent their thinking power to the economy, the economic crisis would be solved within a week. Today I ran into three brand new cyber security threats that were reported on. In one day. So I thought to share them with you.
A World-Renowned Source for Internet Developments. Serving Since 2002.