Threat Intelligence

Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Threat Intelligence / Most Commented

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

The DNS root servers were reported by Verisign to be under unexpected attack from name servers across the Internet following ICANN's recent changes to their cryptographic master keys. more

Taking a Multi-Stakeholder Look at Cyber Norms

Recently we've seen several examples of likely state sponsored security incidents of which the appropriateness was later strongly debated. Incidents such as states impacting commercial enterprises during cyber attacks; purported sabotage of critical infrastructure, and attacks on civilian activists have all, to a greater or lesser degree, led to concerns being raised by both civilian watchdog groups, academics, technologists and governments. more

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more

The Economics of Hacking an Election

There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more

Security, Standards, and IoT: Will Connected Devices Flourish Under Prescriptive Regimes?

Security for Internet-connected devices, the "Internet of Things" (IoT), is critically important. Now, more than ever, it is top of mind for device manufacturers, network operators, consumer advocates, lawmakers, and government regulators -- domestically and internationally. In the face of recent attacks, government authorities and consumer advocates have proposed legislation, frameworks, certifications, and labeling schemes. more

A European Perspective on the Equifax Hack: Encouraging Data Security Through Regulation

The Equifax hack is understood to have compromised the personal data of over 140 million individuals. Although recent hacks of other businesses have affected more individuals, the personal data held by Equifax is significantly more sensitive than the data compromised in other hacks and includes Social Security numbers, birth dates, current and previous addresses and driver licence details... (Co-authored by Peter Davis and Brendan Nixon.) more

Not Quite Two Factor, or Is Your Phone Number Really Something You Have?

A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and used it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two-factor authentication is harder than it seems. more

Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

An extensive analysis of WannaCry seems to indicate attackers would be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis. more

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more

Wikileaks, the CIA, and the Press

As you've probably read, WikiLeaks has released a trove of purported CIA documents describing their hacking tools. There's a lot more that will be learned, as people work their way through the documents. For now, though, I want to focus on something that's being misreported, possibly because of deliberately misleading text by WikiLeaks itself. Here's the text from WikiLeaks... more

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more

Trust Isn’t Easy: Drawing an Agenda from Friday’s DDoS Attack and the Internet of Things

Last week, millions of infected devices directed Internet traffic to DNS service provider Dyn, resulting in a Distributed Denial of Service (DDoS) attack that took down major websites including Twitter, Amazon, Netflix, and more. In a recent blog post, security expert Bruce Schneier argued that "someone has been probing the defences of the companies that run critical pieces of the Internet". This attack seems to be part of that trend. This disruption begs the question: Can we trust the Internet? more

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more

Why More Effort Won’t Solve the Exceptional Access Problem

In the debate over government "exceptional access" to encrypted communications, opponents with a technical bent (and that includes me) have said that it won't work: that such a scheme would inevitably lead to security problems. The response -- from the policy side, not from technical folk - has been to assert that perhaps more effort would suffice. FBI Director James Comey has said, "But my reaction to that is: I'm not sure they've really tried." Hillary Clinton wants a "Manhattan-like project, something that would bring the government and the tech communities together". More effort won't solve the problem - but the misunderstanding lies at the heart of why exceptional access is so hard. more