The EU's 'cyber security' Agency ENISA (The European Network and Information Security Agency) has launched a new report concluding that the EU should focus its future IT security research on five areas: cloud computing, real-time detection and diagnosis systems, future wireless networks, sensor networks, and supply chain integrity.
The month-long series of coordinated attacks against Estonia's Internet in 2007 that shut down websites of Estonia's government, those of its officials, banks and news agencies are believed to be based on various physiological principles including anonymity and contagion.
Over at Krebs on Security blog, Brian Krebs reports: "Purveyors of fake anti-virus or 'scareware' programs have aggressively stepped up their game to evade detection by legitimate anti-virus programs, according to new data from Google. In a report being released today, Google said that between January 2009 and the end of January 2010, its malware detection infrastructure found some 11,000 malicious or hacked Web pages that attempted to foist fake anti-virus on visitors."
After all the unexplainable outages that undersea cables have severed, I thought it would be essential to highlight a brief history about who owns the oceans including some pointers about global undersea communication cables aka world's critical infrastructure.
ICANN has given Jordan preliminary approval for its IDN (Internationalized Domain Name) ccTLD. "At this time ICANN has received a total of 21 requests for IDN ccTLD(s) through the String Evaluation process, representing 11 languages. A total of 13 requests have successfully passed through the String Evaluation and are hence ready for the requesting country or territory to initiate the application for String Delegation."
Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I have posted a few good excerpts and added my comments to the end. ... Warner's take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That's because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move on to another.
Last month a bill in the Israeli Knesset would have required ISPs to provide portable e-mail addresses, analogous to portable phone numbers that one can take from one phone company to the other. As I noted at the time, e-mail works differently from telephone calls, and portability would be difficult, expensive, and unreliable. So I was wondering, idly, if we really wanted to provide portable e-mail addresses, how hard would it be?
Earlier this year Okpako Mike Diamreyan was found guilty of wire fraud. The district court recently denied his motion for judgment of acquittal. Diamreyan "was charged with devising a scheme to defraud known as an 'advance fee.'" As the court describes it, this is a "scam . . . where a person asks an individual to pay an advance fee in order to obtain a larger sum of money, which the individual [victim] never receives." ... Two things about the case struck me...
Google, which through its Postini email security and archiving service processes over 3 billion email connections a day, reports that despite a recent series of major botnet takedowns, spam levels during the first quarter of 2010 have held fairly steady. "This suggests that there's no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns."
At a recent shareholders' meeting in Stockholm, Ericsson's CEO has reaffirmed the company's vision of having 50 billion internet-connected devices by 2020: "Today we already see laptops and advanced handsets connected, but in the future everything that will benefit from being connected will be connected." As an example of connected devices, a research engineer showed real life mobile health applications and how heart monitoring can be done remotely over mobile networks.
Every public tweet since Twitter's inception in March 2006 will be acquired and archived digitally by the U.S. Library of Congress, according to announcements made today. The Library has been harvesting data from the web since 2000 and currently holds "more than 167 terabytes of web-based information, including legal blogs, websites of candidates for national office, and websites of Members of Congress". While an official press release has not been issued yet, the Library says "[e]xpect to see an emphasis on the scholarly and research implications of the acquisition". The Library chose to make its first mention of the acquisition via its official Twitter account @librarycongress.
You may have seen media reports a few weeks ago describing how servers behind the so-called Great Firewall of China were found delivering incorrect DNS information to users in the rest of the world, thereby redirecting users to edited Web pages. Reports indicate that this apparently occurred due to a caching error by a single Internet Service Provider. While the problem was fairly limited in scope, it could have entirely been prevented in a world where DNSSEC was fully deployed.
Bennett Haselton, who runs the Peacefire anti-censorship site, is one of the more successful anti-spam litigants. He says he's filed about 140 suits, mostly in small claims court, and has won the majority of the suits that got far enough to be decided on the merits. But last month, in Federal court in Seattle, he lost a suit against Quicken Loans that he should have won, partly because of his own mistakes, but largely because of the pernicious effect of Gordon vs. Virtumundo.
The impact of the changes set in motion by President Obama back in late 2008 in relation to the direction the telecommunications are slowly becoming apparent and are taking many Americans by surprise, even many of the experts and analysts in this industry. This has created a lot of noise and confusion, as people are trying to understand what is happening and how it will affect them.
The year 2010 is turning out to be the "year of DNSSEC" from Registry implementations, Registrar implementations, ISP support, to the Root being signed this summer. Because we are dealing with such critical infrastructure, it is important to not lose sight of careful implementations.