Widespread Compromised Routers Discovered With Altered DNS Configurations

A widespread compromise of consumer-grade small office/home office (SOHO) routers has been discovered by threat intelligence group Team Cymru. According to the report, "attackers are altering the DNS configuration on these devices in order to redirect victims DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack." more

What Chinese DDoS Malware Looks Like

While at that same Virus Bulletin conference that I was talking about earlier in my other post, I also had the chance to check out a session on Chinese DDoS malware put on by some folks from Arbor Networks. As little insight as I have into Android malware, I know even less about Chinese DDoS malware. So what's Chinese DDoS malware like? What are its characteristics? more

DNSSEC Workshop Streaming Live from ICANN 55 in Marrakech on Wednesday, March 9, 2016

What is the current state of DNSSEC deployment around the world and also in Africa? How can you deploy DNSSEC at a massive scale? What is the state of using elliptic curve crypto algorithms in DNSSEC? What more can be done to accelerate DNSSEC deployment? Discussion of all those questions and much more can be found in the DNSSEC Workshop streaming live out of the ICANN 55 meeting in Marrakech, Morocco, on Wednesday, March 9, from 9:00 to 15:15 WET. more

Six Approaches to Creating an Enterprise Cyber Intelligence Program

As few as seven years ago, cyber-threat intelligence was the purview of a small handful of practitioners, limited mostly to only the best-resourced organizations - primarily financial institutions that faced large financial losses due to cyber crime - and defense and intelligence agencies involved in computer network operations. Fast forward to today, and just about every business, large and small, is dependent on the Internet in some way for day-to-day operations, making cyber intelligence a critical component of a successful business plan. more

US Federal Judge Dismisses Kaspersky Lawsuit, Government-Wide Ban Stays in Place

The two lawsuits filed by the Russian software firm Kaspersky Lab against the U.S. government banning federal networks from using the company's anti-virus software was dismissed on Wednesday by a federal judge. more

Cyber Security and the White House, Part 2 - Cyberwarfare

This is a follow-up to my previous post on Cybersecurity and the White House. It illustrates an actual cyberwarfare attack against Estonia in 2007 and how it can be a legitimate national security issue. Estonia is one of the most wired countries in eastern Europe. In spite of its status of being a former Soviet republic, it relies on the internet for a substantial portion of everyday life -- communications, financial transactions, news, shopping and restaurant reservations all use the Internet. Indeed, in 2000, the Estonian government declared Internet access a basic human right... more

Asia Pac Digital Marketing & gTLD Strategy Congress to Be Held in Hong Kong on May 14-15

The Asia Pac Digital Marketing & gTLD Strategy Congress for first and prospective second round applicants will be held in Hong Kong and timed to take place in conjunction with the International Trademark Associations' (INTA) 136 Annual Conference at the Hong Kong Convention and Exhibition Centre (HKCEC) starting on May 10. more

Nominations Open for 2022 Public Interest Registry (PIR) Board of Directors

Are you interested in helping guide the future of the Public Interest Registry (PIR), the non-profit operator of the .ORG, .NGO and .ONG domains? Or do you know of someone who would be a good candidate? If so, the Internet Society is seeking nominations for three positions on the PIR Board of Directors. Read more for details if you are interested in being considered as a candidate or know of someone who should be considered. more

Evolution and the Internet

Evolution isn't just about biology. Our focus on biology is part of the world-wide challenge in getting people to understand how systems evolve. Think of the resistance Galileo faced when he said that the universe didn't, literally, revolve round us. One reason people have difficulty accepting undirected evolution is that educators don't give people a good sense of why things "work". It's a difficult problem because we tend to look for a "reason" for why things are the way they are... more

Call for Participation – ICANN DNSSEC and Security Workshop for ICANN76 Community Forum

Are you doing something interesting with DNS, DNSSEC, or routing security that you would like to share with the larger DNS community at the ICANN 76 meeting in March 2023? If so, please send a brief (1 -- 3 sentence) description of your proposed presentation to dnssec-security-workshop@icann.org by the close of business on Friday, 20 January 2023. Are you doing something interesting with DNS, DNSSEC, or routing security that you would like to share with the larger DNS community at the ICANN 76 meeting in March 2023? more

Bringing Multistakholderism Home, .US and the Stakeholder Council

2014 will be remembered as the year of the "multistakeholder model" on the Internet. NTIA demonstrated its commitment to bottom-up, multistakeholder Internet governance by committing to complete the transfer of responsibility for various technical functions -- known as the IANA Functions -- to the multistakeholder community. NTIA called on ICANN to convene the community to develop a transition plan to accomplish this goal. more

US Election-Related Web Properties Prone to Fraud and Misinformation Due to Lack of Domain Security

The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more

Assessing Intent to Cybersquat

It, perhaps, does not have to be said that cybersquatting is an intentional tort. No one would expect the respondent to admit unlawful intention, but complainant's proof must nevertheless support that contention. The Panel in Hästens Sängar AB v. Jeff Bader / Organic Mattresses, Inc. FA2005001895951 (Forum July 31, 2020) reminds us that it takes more than bad faith use of a domain name to find cybersquatting. more

Trying to Predict Miguel Diaz-Canel’s Internet Policy

I recently gave a short talk that concluded with some speculation on the attitude of Miguel Diaz-Canel, who is expected to replace Raúl Castro next year, toward the Internet. I searched online and came up with three clues -- two talks he has given and one act. In May 2013, Diaz-Canel gave a speech at an educator's conference in which he anticipated today's preoccupation with fake news. He acknowledged the futility of trying to control information. more

Does Apple’s Cloud Key Vault Answer the Key Escrow Question?

In a recent talk at Black Hat, Apple's head of security engineering (Ivan Krsti?) described many security mechanisms in iOS. One in particular stood out: Apple's Cloud Key Vault, the way that Apple protects cryptographic keys stored in iCloud. A number of people have criticized Apple for this design, saying that they have effectively conceded the "Going Dark" encryption debate to the FBI. They didn't, and what they did was done for very valid business reasons -- but they're taking a serious risk... more