Finding the Holes in Your Application Security Blanket

Last month, application security provider Veracode came out with a study that stated that more than half of all enterprise applications aren't secure. The company tested approximately 2,900 applications over an 18-month period, and 57 percent failed to meet Veracode's "acceptable levels" of security. While this study gained a tremendous amount of traction in the media... it does not focus on the bigger issue... more

SnapNames Faces Lawsuit; Attorney Says Domain Industry Is the Wild West Because It Is Unregulated

A class action lawsuit was filed today in Miami-Dade County Circuit Court on behalf of lead Plaintiff Carlos A. Cueto and others who participated in online auctions for domain names. In the lawsuit, Mr. Cueto alleges that an executive of the company conducting the auctions acted as a shill bidder to manipulate bids. The domain names were auctioned online by Oversee.Net, Inc. subsidiary SnapNames.Com, Inc. "The domain name industry is the wild west of intellectual property because it remains unregulated. The online community has been up in arms over what they feel has been an opaque system that just begs for transparency. It is impossible to know whether you are bidding against someone that isn't working or affiliated with the company conducting the auction," said attorney Santiago A. Cueto. more

Two Years Later the Conficker Worm Not Entirely Disappeared

In a SecurityWeek article today, Ram Mohan writes: "Just over two years ago, the Internet held its breath. The high-profile, widely proliferated Conficker worm had been in the wild from October 2008; its largest mutation was revealed in February 2009, with a widely publicized activation date of April 1, 2009. ... What we do know: Conficker could have proved much more damaging than it ultimately did, and the threat has not entirely disappeared." more

U.S. Concerned over Increasing Russian Submarine Patrols Near Data Cables

Russian submarines and spy are reported to be aggressively operating near vital undersea cables that carry global Internet communications, according to a story in the New York Times. The issue is raising concerns among some American military and intelligence officials regarding the possibility that Russians might be planning to attack those lines in times of tension or conflict. more

Benefits of DNS Based Architecture for M2M Communications

The number of 'things' connected to the internet is already bypassing the number of people on the planet. This Internet of 'things' is changing the way we live and work: from the way food is grown and produced on farms through automated temperature and feeding controls, to the way we check prices and buy through connected terminals, to the vehicles we drive, the security cameras at work, and automated gates at the entrance. Connected 'things' are everywhere. All these 'things' are helping us to be more productive and efficient while also offering more and more convenience. more

U.S. Now Leading Source of Attack Traffic, Followed by China and Russia

The U.S. became the top attack traffic source in the second quarter of 2010, accounting for 11% of observed attack traffic in total, reports Akamai in its State of the Internet Report released today. According to the report, China and Russia held the second and third place spots, accounting for just over 20% of observed attack traffic. Attack traffic from known mobile networks has been reported to be significantly more concentrated than overall observed attack traffic, with half of the observed mobile attacks coming from just three countries: Italy (25%), Brazil (18%) and Chile (7.5%). more

When You Hear “Security,” Think “National Sovereignty”

These days you can hardly talk about Internet governance without hearing about security. DNSSEC is a hot issue, ICANN's new president is a cyber-security expert, and cyberattacks seem to be a daily occurrence.
This reflects a larger shift in US policy. Like the Bush administration before it, the Obama administration is making security a high priority for the US. Only now the emphasis is on security in cyberspace. The outlines of the new policy were published in the recent US Cyberspace Policy Review, which even recommends a cyber security office directly in the White House. more

More Privacy, Bit by Bit

Before the Holidays, Yahoo got a flurry of good press for the announcement that it would (as the LA Times puts it) "purge user data after 90 days." My eagle-eyed friend Julian Sanchez noticed that the "purge" was less complete than privacy advocates might have hoped. more

Gaining Better Network Edge Visibility with Automated IPAM

Large Communication Service Providers (CSPs) that provide transit to their customers need to pay special attention to those network segments to ensure that the IPs associated to them are actually being used. What happens should that customer move on or require more (or less) IP real estate? What do communication and management processes look like to ensure that all the various departments are aligned for rapid and seamless network configuration changes with no downtime? more

WiFi QoE Assurance with TR-069 - Part 3: From Single AP to Large AP Deployments

Last week we investigated how rich data derived from TR-069 can be used to optimize the service quality of a single access point (AP) within the subscriber premises. Often a service provider will control multiple APs within a multi-dwelling unit, university campus, or other public space. This opens up new doors for optimizing service quality - instead of simply optimizing a single AP, you are now able to control other APs in the vicinity as well. more

Study Reveals Economic and Societal Benefits of Establishing IXPs in Emerging Markets

The Internet Society today published the results of a study that demonstrates the far-reaching economic and societal benefits of establishing Internet Exchange Points (or IXPs) in emerging markets.The study, commissioned by the Internet Society and conducted by independent strategy and research consultancy, Analysys Mason, examined the critical cost and performance benefits of IXPs in Kenya and Nigeria - two sub-Saharan countries that have been on the leading edge of Internet growth in Africa. more

Further Developing a Word Mark Similarity Measurement Framework

Expanding on a framework for quantifying word mark similarity by examining algorithms and proposing enhancements. This article assesses consistency with UK trademark case decisions and a search tool, explores subsequence analysis for similarity, and suggests using IPA phonetics to measure aural likeness. The objective framework could improve consistency in trademark assessments, despite the inherent subjectivity of legal tests. more

Processing Domain Data to Improve Business Continuity as a Domain Name Registry

In the fall of 2022, around 9,000 numeric domain names such as 0146.se, 0148.se, 0149.se, and so on were registered in the .SE zone. These domains were registered with two registrars, Register.eu and 1API. They had the same kind of SSL certificate, and there were other similarities among them that strongly suggested they were connected. All these domains were registered after September 1, 2022, but not on the same date... more

Gas Pipeline Firms Under Targeted Phishing Attacks

The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued a warning about an active "spear phishing" campaign targeting companies in the natural gas pipeline sector. In an advisory issued last week, ICS-CERT said it has received information about targeted attacks and intrusions into multiple organizations over the past several months. more

US Antitrust Enforcement in Telecommunication Being Ramped Up

The Wall Street Journal is reporting that antitrust enforcement in telecommunication is being ramped up by the Obama Administration, after relatively lax times. In a piece entitled Telecoms Face Antitrust Threat it indicates that investigators are weighing up the roles of the large carriers and whether they are abusing the market power amassed under the Bush Administration. more