In March 2013, Spamhaus was hit by a significant DDoS attack that made its services unavailable. The attack traffic reportedly peaked at 300Gbps with hundreds of millions of packets hitting network equipment on their way. In Q1 2015, Arbor Networks reported a 334Gbps attack targeting a network operator Asia. In the same quarter they also saw 25 attacks larger than 100Gbps globally. What is really frightening about this is that such attacks were relatively easy to mount. more
I recall from some years back, when we were debating in Australia some national Internet censorship proposal de jour, that if the Internet represented a new Global Village then Australia was trying very hard to position itself as the Global Village Idiot. And the current situation with Australia's new Data Retention laws may well support a case for reviving that sentiment. more
September 7th 2015 will see the Global IPv6 Next Generation Internet Summit 2015 (hereinafter referred to as IPv6 Summit) held in the Presidential Hotel Beijing. The conference will be co-hosted by the IPv6 Forum and BII Group, under the theme of "IPv6 approaching, are you ready?," which will be well attended by top-notch industrial experts both at home and abroad, hundreds of representatives from carriers across the globe, representatives of well-known vendors in the industry, experts from academic agencies, enterprise users, and many influential news outlets, who will discuss the mainstream plans and technical foci of large-scale IPv6 deployment, influence and challenges brought by IPv6 development on network security, Global Internet of Things boosted by IPv6, and other burning issues. more
In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Shadow IT -- the use of unsanctioned software and services by employees -- is a problem. It's a big one. According to Forbes, 72 percent of executives don't know how many "shadow" apps are being used on their network. Beyond overloading network resources and impacting data compliance, there is also the real threat of security breaches from unapproved apps. Managing IT you can't see is no easy task, but fortunately it's not impossible. Here are five tips to help bring light to the shadows. more
Would you like to present an idea you have related to DNSSEC or DANE to a gathering of people within the DNSSEC community? Do you have an idea for a new tool or service? Have you recently implemented DNSSEC or DANE and want to share your story? The deadline is Monday, August 17, so please send your proposal soon! We are open to proposals on a wide range of topics... more
In 2013 I wrote a blog Telecoms as a spying tool, in which I mentioned that those who use the internet to spy indiscriminately will have to face the reality that such activities will only start a cat-and-mouse game -- the technology will always be able to stay one step ahead of those who are using the internet for criminal purposes. Since that time some very significant developments have taken place that have confirmed our prediction. more
Unlike consultant-led penetration testing, periodic or continual vulnerability scanning programs have to operate harmoniously with a corporation's perimeter defenses. Firewalls, intrusion prevention systems, web proxies, dynamic malware analysis systems, and even content delivery networks, are deployed to protect against the continuous probes and exploit attempts of remote adversaries -- yet they need to ignore (or at least not escalate) similar probes and tests being launched by the managed security service providers an organization has employed to identify and alert upon any new vulnerabilities within the infrastructure or applications that are to be protected. more
A great deal of discussion is taking place about topics such as the digital economy, sharing economy and networked economy. Obviously these are concepts rather than being well-defined, but they are being used by the various players in the market to argue for or against certain developments. For example, in some of the broadband debates around the world, the digital economy is the key reason why national broadband infrastructure gets developed. more
A few weeks ago I wrote about Apple's IPv6 announcements at the Apple Developers Conference. While I thought that in IPv6 terms Apple gets it, the story was not complete and there were a number of aspects of Apple's systems that were not quite there with IPv6. So I gave them a 7/10 for their IPv6 efforts. Time to reassess that score in the light of a few recent posts from Apple. more
A World-Renowned Source for Internet Developments. Serving Since 2002.