Threat Intelligence |
Sponsored by |
|
While reading Reuters I came across a news article indicating that a number of high profile agencies - from the United Nations to the Canadian Government to government of Taiwan - were broken into over a period of the past five years. ... I'll say it right now, even though I haven't been briefed on it. It was China. more
In the US administration, we see important people like incoming Secretary of Defense Leon Panetta say at his Senate confirmation hearing that "a strong likelihood that the next Pearl Harbor" could well be a cyberattack that cripples the U.S. power grid and financial and government systems. He also said that cybersecurity will be one of the main focuses of his tenure at the Pentagon. But when you look at what is actually happening in cyber security, there is more position jockeying than there is real progress. more
I've written recently about a general purpose method called DNS Response Policy Zones (DNS RPZ) for publishing and consuming DNS reputation data to enable a market between security companies who can do the research necessary to find out where the Internet's bad stuff is and network operators who don't want their users to be victims of that bad stuff... During an extensive walking tour of the US Capitol last week to discuss a technical whitepaper with members of both parties and both houses of the legislature, I was asked several times why the DNS RPZ technology would not work for implementing something like PROTECT-IP. more
DNSSEC is a hot topic. It's a technology newly unleashed on popular networking, which has led to countless articles and posts on the subject, including right here on CircleID. The way a lot of articles try to get your attention is to talk about a technology, like DNSSEC, in a way that makes the technology either seem really significant or really complicated. That is why a lot of articles about DNSSEC make it sound like something huge, complicated, and scary. But it's not. more
The Associated Press published an article today that the Pentagon revealed that earlier this year, they suffered one of its largest ever loss of sensitive data to a foreign government by a cyberattack. ... It's hard to say what's right and what's wrong. On the one hand, the Secretary of Defense says that the cyberwar is very real. On the other hand, the cyberczar Howard Schmidt said that there is no cyberwar and instead government needs to focus its efforts to fight online crime and espionage... more
A fledgling international cyber security alliance is continuing to gather backing from private business, according to a recent article published on ComputerWeekly.com. The International Cyber Security Protection Alliance (ICSPA) aims to support law enforcement agencies in countries that lack the resources to fight cybercrime. Commercial security organizations such as McAfee and Trend Micro are supporting the alliance. more
As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more
Ever since I heard of the new generic Top-Level Domains (gTLDs), I wondered whether they would be prone to abuse. For example, Microsoft might want to register www.microsoft.microsoft, or Sony might want to register www.sony. But isn't this opening up the floodgates for spammers to register their own domains and squat on them? Why couldn't a spammer register www.cit.ibank? They could then send phishing messages and fool people into clicking very legitimate looking domains. But I don't think this will be a problem. more
The recent announcement of a 13-year old security flaw found in an Open Source security library has renewed the debate between open source and closed source software. The library, crypt_blowfish, allows for fast two-way password encryption. The flaw introduces the potential for passwords to be easily compromised and affects PHP and a number of Linux distributions that include the crypt_blowfish library. more
Email is a complex service and email abuse adds confusing deceptions. Worse, like postal mail and even telephone service, Internet mail is inherently open, flexible and even anonymous, making things much easier for abusers. Bad actors hide their true identity and their true purpose. Most other communication tools for users also are also quite open, and problems with email are being replicated elsewhere, such as instant messaging and social media. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
