The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more
Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more. more
My Twitter feed has exploded with the release of the Kaspersky report on the "Equation Group", an entity behind a very advanced family of malware. (Naturally, everyone is blaming the NSA. I don't know who wrote that code, so I'll just say it was beings from the Andromeda galaxy.) The Equation Group has used a variety of advanced techniques, including injecting malware into disk drive firmware, planting attack code on "photo" CDs sent to conference attendees, encrypting payloads... more
On February 26 of this year the Federal Communications Commission (FCC) of the United States will vote on a proposed new ruling on the issue of "Network Neutrality" in the United States, bringing into force a new round of measures that are intended to prevent certain access providers from deliberately differentiating service responses on the carriage services that they provide. more
Today we continue with part 2 of the 10 part series on IPv6 Security Myths by debunking one of the myths I overhear people propagating out loud far too much: That you don't need to worry about security because IPv6 has it built into the protocol. In this post, we'll explore several of the reasons that this is in fact a myth and look at some harsh realities surrounding IPv6 security. more
The recent NANOG 61 meeting was a pretty typical NANOG meeting, with a plenary stream, some interest group sessions, and an ARIN Public Policy session. The meeting attracted some 898 registered attendees, which was the biggest NANOG to date. No doubt the 70 registrations from Microsoft helped in this number, as the location for NANOG 61 was in Bellevue, Washington State, but even so the interest in NANOG continues to grow... more
You can't open a newspaper today, listen to the radio, or watch TV without hearing about the enormous explosion in the use of telecommunications technology - be it fixed or mobile broadband, the internet, social media, smartphones, tablets, wearables, IoT, cloud computing, the list is endless... Yet, at the same time, many telcos and ISPs are struggling to maintain their profitability. This defies economic logic. more
People working on net neutrality wish for a "third way" — a clever compromise giving us both network neutrality and no blowback from AT&T;, Verizon, Comcast and others. That dream is delusional because the carriers will oppose network neutrality in any real form; they want paid fast lanes. They have expressed particular opposition to "Title II" of the Communications Act — something telecom lawyers mention the same way normal people might reference the First or Second Amendments. Title II is the one essential law to ban paid fast lanes. more
It's been an interesting couple of months in the ongoing tensions between Internet carriage and content service providers, particularly in the United States. The previous confident assertion was that the network neutrality regulatory measures in that country had capably addressed these tensions. While the demands of the content industry continue to escalate as the Internet rapidly expands into video content streaming models, we are seeing a certain level of reluctance from the carriage providers to continually accommodate these expanding demands... more
Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and "computers are really bad at this" because "everything defaults to global." Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, "It would be great if we could go back 20 years and say 'Don't do that'," but concluded that policymakers have to work with DNS the way it is today. more
Soon after capitulating to Comcast's surcharge demand for improved treatment of its traffic, Netflix got better downstream delivery speeds. Apparently Comcast did not have to undertake a major bandwidth expansion program. Much to the immediate relief of Netflix, Comcast merely needed to allocate more ports for Netflix traffic. So with a reallocation of available bandwidth, Comcast solved Netflix's quality of service dilemma apparently without degrading service to anyone else, upstream or downstream. more
By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills - and the quality assurance budgets - that something the size of the Internet deserves. more
According to the Online Etymology Dictionary, the verb collide is derived from the Latin verb collidere, which means, literally, "to strike together": com- "together" + lædere "to strike, injure by striking." Combined instead with loquium, or "speaking," the com- prefix produces the Latin-derived noun colloquy: "a speaking together." So consider WPNC 14 - the upcoming namecollisions.net workshop - a colloquium on collisions: speaking together to keep name spaces from striking together. more
How do we get more feedback from the operators of networks back into the standards process of the Internet Engineering Task Force (IETF)? How do we help know whether the open standards being developed within the IETF reflect the operational realities of the networks into which those standards will be deployed? If we could get more network operators participating in the IETF standards process, would that result in better standards that are deployed faster? more
One of the hottest topics in the email biz these days (insofar as any topic is hot) is how we will deal with mail on IPv6 networks. On existing IPv4 networks, one of the most effective anti-spam techniques is DNSBLs, blackists (or blocklists) that list IP addresses that send only or mostly spam, or whose owners have stated that they shouldn't be sending mail at all. DNSBLs are among the cheapest of anti-spam techniques since they can be applied to incoming mail connections without having to receive or filter spam. more
A World-Renowned Source for Internet Developments. Serving Since 2002.