Recently Commented

The Take Away from Global Payments Breach

Global Payments, an Atlanta-based payment card processing firm, announced yesterday that they had suffered "unauthorized access into a portion of its processing system". Sometime in early March they uncovered the attack, and there are some indications that the breach occurred between January 21st and February 25th of this year... There are a number of unverified reports that a New York City street gang with Central American ties took control of "an administrative account that was not protected sufficiently".

Why R&E Networks Should Be Aware of the CDN Interconnect Initiative (CDNI)

At the recent IETF meeting there has been considerable discussion about interconnection of Content Delivery Networks. A lot of this is being driven unfortunately by the incumbent telco/cableco's who never understood CDN in the first place, and now want to assert control over this critical new Internet architecture, much in the same way that they want to take control over open WiFi hot spots as part of an integration strategy with their 3G/4G networks.

U.S. Outgunned in Hacker War

The Wall Street Journal has an interview with the outgoing head of the FBI's cyber crime investigation, Shawn Henry. In it, he has a blunt assessment of the US's capabilities when it comes to combatting online crime, especially data theft and hacking... The more I read around the Internet, the clearer it becomes that cyber security is becoming a central focus. This has pretty big implications for the cloud.

Review Your Email Forwarding Practices

As unusual as it may be for a lawyer to speak at an IETF meeting, Ian Walden gave a lecture on Data Protection Directives and updates thereof. He said they affect some 90 jurisdictions. A difference between email addresses and cookies - the latter are the main subject of the January 2012 update of the directives - is that after more than a decade of enforcement, specific browser extensions may allow users to browse what cookies they have, while no record states whom they conferred their email addresses to.

Critical Role for R&E Networks+Commercial Clouds in US Government “Big Data” Initiative

It is great to see US and European governments undertake initiatives to promote the development of research into Big Data utilizing commercial clouds. Many cloud providers are offering free resources to support these initiatives. R&E networks will play a critical role in linking researchers to the commercial clouds and developing collaboration platforms and portals.

Kelihos Is Dead: Long Live Kelihos

The King is dead. Long live the King! Or, given this week's events, should the phrase now be "Kelihos is dead. Long live Kelihos"? It is with a little amusement and a lot of cynicism that I've been watching the kerfuffle relating to the latest attempt to take down the Kelihos botnet. You may remember that a similar event ("Kelihos is dead") occurred late last year after Microsoft and Kaspersky took it on themselves to shut down the botnet known as Kelihos (or sometimes as Waledac 2.0 or Hlux).

White House Launches Big Data Research and Development Initiative

The Obama Administration has announced today a "Big Data Research and Development Initiative." The initiative, which has committed to more than $200 million in new funding spearheaded by the White House Office of Science and Technology Policy (OSTP) and National Science Foundation (NSF), along with the National Institutes of Health (NIH), Department of Defense (DoD), Defense Advanced Research Projects Agency (DARPA), Department of Energy (DoE) Office of Science, and U.S. Geological Survey (USGS), seeks to "advance state-of-the-art core technologies needed to collect, store, preserve, manage, analyze, and share huge quantities of data; harness these technologies to accelerate the pace of discovery in science and engineering, strengthen our national security, and transform teaching and learning; and expand the workforce needed to develop and use Big Data technologies."

China Continues to Add 30M Broadband Subscribers Per Year

China continues to add broadband subscribers at a rate of about 30M per year. MIIT puts the January growth at 2.5M to a total of 152.5M. Of those, about 1.5M were DSL. They don't release fiber counts, but Jeff Heynen of Infonetics is reporting tens of millions of lines of fiber gear are in the pipeline. China has been consistently at 2-3M net adds per month. Two key policy moves are likely to maintain or even increase the growth rate.

I Don’t Need a Signature to Know It’s Going to Be Bad…

There was a period of time not long ago in which signature-based threat detection was cutting-edge. Antivirus, intrusion detection systems (IDS), data leakage prevention (DLP), content filtering and even anomaly detection systems (ADS) all continue to rely heavily upon static signatures. In recent years vendors have shied away from discussing their dependence on such signatures -- instead extolling supplemental "non-signature-based" detection technologies.

Household Botnet Infections

Pinning down the number of infected computers is really, really hard. I'd go as far as saying it's practically impossible to calculate, let alone observe. Still, that's not going to stop people from attempting to guess or extrapolate from their own observations. Over the years I've heard "reliable" numbers ranging from 10% through to 60% -- and I don't trust any of them. There's a whole gaggle of reasons why the numbers being thrown out to the public are inaccurate and should ideally be interpreted with a lot of skepticism by any right-minded folks.

Microsoft Disrupts the Zeus Infrastructure

Over the weekend and this morning, Microsoft, working in conjunction with others, issued civil lawsuits to sinkhole numerous domains associated with the Zeus botnet. When I say "botnet", I use the term loosely because Zeus is not a botnet in the sense that Rustock or Waledac is (or was). Rather, Zeus is a tool kit that online criminals can buy that lets them create phishing pages, perform fast fluxing, host drive-by downloads in addition to spamming. It's more like infrastructure than a botnet, although it does have a large botnet under its control.

Microsoft and Financial Services Groups Disrupt Zeus Botnet Servers

Microsoft's Digital Crimes Unit - in collaboration with Financial Services - Information Sharing and Analysis Center (FS-ISAC) and NACHA - The Electronic Payments Association, as well as Kyrus Tech Inc. - has executed a coordinated global action against some of the worst known cybercrime operations fueling online fraud and identity theft, said Microsoft in an announcement today. "With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry operation against this cybercriminal organization."

The Internet Monopoly

People are increasingly becoming aware of the emerging 'internet monopoly'. Companies such as Google, Facebook, Twitter and many of the other (local) social network and media sites are becoming so large and powerful that they can dictate the use of their services in such a way that people lose control over their own information and their participation in these networks. ... These digital media developments certainly did happen, but they are not founded on the 'permission-based' principles that we advocated during all those years.

US Government Networks Thoroughly Penetrated by Foreign Spies, Experts Tell Senate

Network security experts from across the U.S. government told a U.S. Senate Armed Services Subcommittee on Tuesday that federal networks have been thoroughly penetrated by foreign spies, and that current perimeter-based defenses that attempt to curb intrusions are outdated and futile.

The Journey of IPv6 Implementation 9 Months Later

ICANN 43 in Costa Rica was in the heart of IPv6 implementation with everybody touching on how much it was needed as part of the internet ecosystem to fully utilize the ICANN expansion of the new gTLD namespace from 21 to the maximum number that will manage to get delegated at the beginning of 2013.