At the Internet Governance Forum in Baku, I made an intervention on behalf of NL IGF, reporting on the recommendations given by the participants of Workshop 87... I concluded that more regulatory and law enforcement bodies need to become part of the IGF discussions, as they are an integral part of governing the Internet from a safety and security perspective. Mr. Cerf responded with a one-liner: "I can't help observing, if we keep the regulatories confused, maybe they will leave us alone". more
In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more
A new wave of ransomware called "BadRabbit" is targeting Russia and Eastern Europe, affecting Russian Interfax news agency and reported flight delays at Ukraine’s Odessa airport. more
An anonymous tip has lead security experts Brian Krebs and Matthew Chambers to four years of access logs for the entire network of more than 1,000 dot-cm typosquatting domains. more
There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more
Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. more
A week ago, Paul Vixie wrote a thoughtful piece on the morality of DDos, for both sides of the equation of the Wikileaks issues. In it he summarizes things nicely: "Denial of service is not merely a peaceful protest meant to garner attention for a cause. Denial of service is forcible and it is injurious. It is not like any form of civil disobedience, but rather it is criminal behaviour more like looting." Well said, Paul... more
Thousands of websites are reported to have been infected by malware over the weekend forcing visitors' computers to mine cryptocurrency while using the sites. more
Looking back at the year that just ended, here are the top ten most popular news, blogs, and industry news on CircleID in 2009 based on the overall readership of the posts. Congratulations to all the participants whose posts reached top readership in 2009 and best wishes to the entire community in 2010. more
As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more
Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013. more
A report recently released by McAfee Advanced Threat Research (ATR) revealed a fileless attack targeting organizations involved with the Pyeongchang Olympics. more
This is a followup to Wout de Natris' as usual excellent piece on the Enisa botnet report -- pointing out the current state of mobile malware and asking some questions I started off answering in a comment but it grew to a length where I thought it'd be better off in its own post. Going through previous iterations of Mikko's presentations on mobile malware is a fascinating exercise. more
At the ENISA presentation on her botnet report at eco in Cologne, 9 and 10 March, one of the slots was dedicated to threats to the mobile environment. The message I was supposed to come home with was: we can still count the numbers of mobile viruses manually, <600; the problem will never be the same as on a fixed network as traffic is monitored and metered: We detect it straight away. We are studying the problem seriously. Are mobile operators really prepared for what is coming? more
A recent study took an in-depth look at the scale and the risk of domain name typosquatting -- the practice of registering mis-spellings of popular domain names in an attempt to profit from typing mistakes. "Applying every possible one-character typo to the domain names of Facebook, Google, Twitter, Microsoft, Apple and Sophos," Paul Ducklin, Sophos' Asia Pacific head of technology collected HTTP data and browser screenshots from 1502 web sites and 14,495 URLs. In this report, Ducklin analyses the data revealing unexpected results within the typosquatting ecosystem. more