DNC Emails Hacked Using Fake Gmail Login Forms

A new report from SecureWorks Counter Threat Unit has revealed a hacking group operating from the Russian Federation, implemented spearphishing techniques involving use of look-alike Google login pages to gain access to DNC emails and other data. more

Increased Attacks Against ISP Networks

Netscout recently released its latest Threat Intelligence Report that documents DDoS attacks in the second half of 2024. As has been the trend for many years, the largest target of DDoS attacks has been ISP networks. There were over 8.9 million DDoS attacks documented in the second half of last year, up 12.75% over the first half of the year. more

Domain Registrations in New TLDs Overwhelmingly for Defensive Purposes, INTA Study

During the ICANN meeting in South Africa last week, the impact of new gTLD rights protection mechanisms (RPMS) was the subject of key discussions, and some concerns were voiced regarding trademark owners themselves registering domain names excessively and technically abusing the sunrise period. more

ICANN Subject to the Data Quality Act

CRE notified Dr. Twomey, President and Chief Executive Officer of ICANN, of the applicability of the Data Quality Act to ICANN in a detailed letter of October 29th. CRE asked ICANN for a meeting to discuss the issue of the applicability of the Data Quality Act to ICANN since CRE received no communication in response to the letter. In mid-December ICANN agreed to a January 23rd meeting with CRE. Notwithstanding CRE's trip to ICANN's headquarters in California for the scheduled meeting, the organization refused at the last moment to meet with CRE. CRE now knows how Dr. Twomey felt when he was expelled from an ICANN-related planning meeting in Geneva. more

Canada: Smart Regulation, Not De-regulation

Canada's CRTC isn't as dumb as U.S. regulators who are considering ruling that the law doesn't apply where the telcos oppose it. (Title II deregulation) Canada just decided wireless needs to follow the rules. In turn, the CRTC intends to make sure the rules are reasonable. Rather than saying "never any rules," they instead try to write sensible ones. more

Pew Looks at the State of Online Music Ten Years After Napster

Pew Internet reporting on the 10th anniversary of the Napster's launch: "As researchers look back on the first decade of the 21st Century, many will no doubt point to the formative impact of file-sharing and peer-to-peer exchange of music on the internet. Distributed networks of socially-driven music sharing helped lay the foundation for mainstream engagement with participatory media applications. Napster and other peer-to-peer services "schooled" users in the social practice of downloading, uploading, and sharing digital content, which, in turn, has contributed to increased demand for broadband, greater processing power, and mobile media devices." more

A Quick Primer on Internet Peering and Settlements

The business world today features many complex global service activities which involve multiple interconnected service providers. Customers normally expect to execute a single paid transaction with one service provider, but many service providers may assist in the delivery of the service. These contributory service providers seek compensation for their efforts from the initial provider. However, within a system of interdependent providers a service provider may undertake both roles of primary and contributory provider, depending on the context of each individual customer transaction. more

Analysis of 7.5 Trillion DNS Queries Reveals Public Resolvers Dominate the Internet

A recent report by NS1 provides a comprehensive look at global DNS traffic trends. It reveals that public resolvers dominate the internet, accounting for nearly 60% of recursive DNS usage. Telecom giants represent nearly 9%, with Google the clear front-runner at a little over 30%, followed by Amazon Web Services at 16%. more

Comcast’s Network Management Practices: A Brief Analysis

Late last week, Comcast officially disclosed to the FCC details of its network management practices which have been a subject of considerable discussion here on CircleID. (My thanks to Threat Level from Wired.com for providing a convenient copy of Comcast's "Attachment A" in which this disclosure is made.) There's not a lot of startling disclosure in this document, but it does provide some useful concrete facts and figures. I'll quote the more interesting parts of the document here, and offer comment on it. more

New TLDs For Dummies (Sort of)

There's been a lot of media attention on the new Top-Level Domain (TLD) process in the last few days, which is a good thing. Unfortunately most of it is badly written, misleading or simply misinformed. Let's look at the reality. To start with, there are currently 20 gTLDs i.e. "global" Top-Level Domains (extensions)... more

Former Rutgers University Student and Two Other Men Plead Guilty to 2016 Mirai Botnet Attacks

A New Jersey man was one of the three who pled guilty to hacking charges and creating the massive Mirai botnet attacks which spread via vulnerabilities in IoT devices causing massive DDoS attacks. more

NTP is Still a Security Risk

The Network Time Protocol (NTP) has been in the news a number of times over the past couple of years because of attacks on the protocol, vulnerabilities in the daemon, and the use of NTP in DDoS attacks. In each case, the developers of NTP have responded quickly with fixes or recommendations for remediating these attacks. Additionally, the development team has continued to look ahead and has worked to enhance the security of NTP. Unfortunately, that has not translated to an improved security picture for NTP. more

Vendor Selection Matters in the Domain Registrar Ecosystem

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more

Net Neutrality: A Net-Head View

Net neutrality is a complex issue with some strongly opposed views that at times sound more like religion than sensible argument, so this article is an attempt to provide some sense for those still not completely sure what it is all about. Be warned though, that this article is not an unbiased appraisal of the arguments, it is written from the perspective of a confirmed net-head. more

An Internet Security Operations Viewpoint of IGF

The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more