Automated Web Application Attacks Can Peak at 25,000 an Hour

Web applications, on average, experience twenty seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. Report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second. more

Coronavirus Online Threats Going Viral, Part 1: Domain Names

As news of the spread of the coronavirus (COVID-19) continues to emerge, CSC has undertaken the first in a series of studies looking at how the development of the crisis has affected online content. This first article looks at the numbers of registered domains with names containing coronavirus-related strings - "coronavirus" or "covid(-)19" (optional hyphen) - and analyzes the types of content present on the associated websites. more

Newer Cryptographic Advances for the Domain Name System: NSEC5 and Tokenized Queries

In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more

Google Flags Entire Web Unsafe, Glitch Due to Human Error According to Company

A glitch in Google's security update on Saturday morning caused links to every search result -- including Google's own pages -- to get flagged with the warning: "This site may harm your computer." The errors caused panic among users around the world who at first feared the popular search engine had suffered a major security failure. The problem which lasted for approximately 40 minutes has now been acknowledged and fixed by Google. The reason for the hiccup, as explained by Google, was due to a human error in the list of URLs Google uses to identify and flag websites known to install malicious software. more

There’s a Full-On War for Cybersecurity Talent, CEOs Forking Millions to Fill Roles

With companies realizing the threat of hefty fines, lawsuits, and executive resignations that can follow security breaches, companies are scrambling to scoop up scarce security experts. more

FCC Confirms Tom Wheeler as the New Chairman

The U.S. Senate has unanimously confirmed Tom Wheeler to be chairman of the Federal Communications Commission. The former wireless industry lobbyist, nominated by President Obama back in May, will be replacing acting chairwoman Mignon Clyburn, who stepped in for former FCC chief Julius Genachowski when he left five months ago. more

Are Light Poles Telecom Infrastructure?

A long-running issue resurfaced recently asking if light poles should be made available for telecommunications. This idea that light poles might be telecom infrastructure comes from language included in Section 224 of the United States Federal Communications Commission's (FCC) code that says that a "utility shall provide a cable television system or any telecommunications carrier with nondiscriminatory access to any pole, duct, conduit, or right-of-way owned or controlled by it." more

ICANN Sued in an Attempt to Block .WEB Auction

Controversy over .WEB auction takes a new turn as various sources today pointed to a lawsuit filed against ICANN by Ruby Glen LLC, a subsidiary of Donuts Inc. -- the largest registry for new generic top-level domains (gTLDs). more

Russia Hacker Sentenced to 27 Years in Prison by U.S. Federal District Court

A 32-year-old Russia man was sentenced on Friday to 27 years in prison for computer hacking crimes that is reported to have caused over $169 million in damages to small businesses and financial institutions. more

The Great Telco Quality Transformation

The telecoms industry has two fundamental issues whose resolution is a multi-decade business and technology transformation effort. This re-engineering programme turns the current "quantities with quality" model into a "quantities of quality" one. Those who prosper will have to overcome a powerfully entrenched incumbent "bandwidth" paradigm, whereby incentives are initially strongly against investing in the inevitable and irresistible future. more

When a ‘Response Fee’ is Required in a URS Case

Although filing fees in domain name disputes are usually paid for by the trademark owner that files a complaint, the Uniform Rapid Suspension System (URS) contains a little-noticed provision that, in large cases, requires the domain name registrant to pay a fee to defend itself. The so-called "Response Fee" is only required in URS cases that include 15 or more disputed domain names. more

Security Flaw in TPM Chips Allows Attacks on RSA Private Keys

Details of Infineon’s RSA key generation vulnerability was made public today after several announcements by vendors last week. more

Facebook Building Its Next Datacenter in Ireland, Most Advanced in the World Company Says

Facebook has announced the construction of a new $220 million (€200 million) data centre in Clonee, County Meath, Ireland. This will be Facebook's sixth data center worldwide and the company's second in Europe, after Luleå in Sweden. more

Nepal Internet Connectivity Crucial for Coordination of Relief Efforts

Doug Madory writes to report: "Saturday's earthquake in Nepal, which claimed the lives of at least 4,000 victims and injured many more, took a toll on the country's Internet connectivity, which was already one of the least developed in the region. A recent evaluation of Internet infrastructure in South Asia commissioned by the United Nations Economic and Social Commission for Asia and the Pacific (ESCAP) classified Nepal's international connectivity as 'weak' and its fixed and mobile infrastructure as 'limited'." more

Symantec Chosen as Verification Agent for .bank and .insurance TLDs

fTLD Registry Services, LLC has announced an agreement with Symantec Corporation to provide verification services for the ".bank" and ".insurance" generic top-level domains. According to the report, Symantec will be responsible for adding a layer of protection to the new domains by verifying the eligibility of companies requesting domain names, making sure the person requesting the domain name is authorized by the company and ensuring the name requested by the company complies with fTLD's policies. more