Threat Intelligence |
Sponsored by |
|
Now that IPv6 is being actively deployed around the world, security is more and more a growing concern. Unfortunately, there are still a large number of myths that plague the IPv6 security world. These are things that people state as fact but simply aren't true. While traveling the world, talking to the people who've already deployed IPv6, I've identified what I believe are the ten most common IPv6 security myths. more
As I read through multiple postings covering the proposed Computer Fraud and Misuse Act, such as the ever-insightful writing of Rob Graham in his Obama's War on Hackers or the EFF's analysis, and the deluge of Facebook discussion threads where dozens of my security-minded friends shriek at the damage passing such an act would bring to our industry, I can't but help myself think that surely it's an early April Fools joke. more
The White House has announced a new proposal to fix cybersecurity. Unfortunately, the positive effects will be minor at best; the real issue is not addressed. This is a serious missed opportunity by the Obama adminstration; it will expend a lot of political capital, to no real effect... The proposals focus on two things: improvements to the Computer Fraud and Abuse Act and provisions intended to encourage information sharing. At most, these will help at the margins; they'll do little to fix the underlying problems. more
When a business gets hacked and its corporate information is dumped on the Internet for all and sundry to see (albeit illegally), the effects of that breach are obviously devastating for all concerned. In many ways it's like the day after a fierce storm has driven a super-cargo container ship aground and beachcombers from far and wide have descended upon the ruptured carcass of metal to cart away anything they think has value or can be sold by the side of road. more
The Spamhaus Project just published a long article about the botnets they've been watching during 2014. As this chart shows, we're not making any progress. They also note that the goals of botnets have changed. While in the past they were mostly used to send spam, now they're stealing banking and financial information, engaging in click fraud, and used for DDoS and other malicious mischief. more
On December 17th a US proposal for online commerce in a major trade negotiation, the Trade in Services Agreement ("TISA") leaked. A flurry of press releases and opinion pieces claim that TISA is a threat to the Internet. The headlines are lurid: "TISA leak: EU Data Protection and Net Neutrality Threatened" and "Leaked TISA text exposes US threat to privacy, civil rights"... Because I've spent years in Geneva regularly meeting with and advising negotiators on the networked economy I have a very different perspective. more
My Twitter feed has exploded with lots of theorizing about whether or not North Korea really hacked Sony. Most commentators are saying "no", pointing to the rather flimsy public evidence. They may be right -- but they may not be. Worse yet, we may never know the truth. One thing is quite certain, though: the "leaks" to the press about the NSA having concluded it was North Korea were not unauthorized leaks; rather, they were an official statement released without a name attached. more
The recent huge security breach at Sony caps a bad year for big companies, with breaches at Target, Apple, Home Depot, P.F.Changs, Neiman Marcus, and no doubt other companies who haven't admitted it yet. Is this the new normal? Is there any hope for our private data? I'm not sure, but here are three observations... This week Brian Krebs reported on several thousand Hypercom credit card terminals that all stopped working last Sunday. Had they all been hacked? more
As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it. more
Wait and see approach on abuse attracts ICANN Stakeholder attention: A few weeks ago I made a detailed argument as to why product safety applies to domains, just like it does to cars and high chairs. I also argued that good products equal good business or "economically advantaged" in the long run. Then I really made a strong statement, I said if we don't actively engage other Internet stakeholders -- those that interact with our products, we would eventually lose the opportunity to self-regulate. more