Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
When it comes to protecting the end user, the information security community is awash with technologies and options. Yet, despite the near endless array of products and innovation focused on securing that end user from an equally broad and expanding array of threats, the end user remains more exposed and vulnerable than at any other period in the history of personal computing. more
Chancellor George Osborne announces government plan to almost double its investment in cyber security initiatives over the next five years, spending an additional £1.9 billion. more
A couple of days ago there was a lot of interest in how terrorists may have been using chat features of popular video console platforms (e.g. PS4, XBox One) to secretly communicate and plan their attacks. Several journalists on tight deadlines reached out to me for insight in to threat. Here are some technical snippets on the topic that may be useful for future reference. more
Google in partnership with the University of Michigan and the University of Illinois, has published the results of a multi-year study that measured how email security has evolved since 2013. Although Gmail was the foundation of the research, insights from the study are believed to be applicable to email more broadly. more
If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more
The internet activity of everyone in UK will have to be stored for one year by Internet service providers, under the new surveillance law plans. "This duty would include forcing firms to hold a schedule of which websites someone visits and the apps they connect to through computers, smartphones, tablets and other devices. Police and other agencies would be then able to access these records in pursuit of criminals -- but also seek to retrieve data in a wider range of inquiries, such as missing people." more
The public cloud services market in the mature Asia/Pacific (AP) region is on pace to grow 8.7 percent in 2015 to total $7.3 billion, up from $6.7 billion in 2014, according to new research from Gartner. more
Are you ready to help me make the Internet more secure? Here's your chance to join me in a project to create an open-source hardware device to protect email, files and other data from hackers and government spies. The CrypTech Project was founded in late 2013 after NSA whistleblower Edward Snowden revealed that the US and other governments were exploiting weak cryptography and loose standards to gain access to citizens' email, documents, and other files. more
U.S. and Britain plan to conduct a test later this month to assess how regulators for the world's two biggest financial centers in New York and London would communicate in the event of a major cyberattack or broader IT problems, a spokesman for British government cybersecurity body CERT-UK said on Monday. more
Responding to a recent New York Times article which warned the possibility of Russian submarines possessing the ability to sabotage undersea communication cables, Doug Madory, Director of Internet Analysis at Dyn, calls them exaggerated scenarios. more
DMARC is an anti-phishing technique that AOL and Yahoo repurposed last year to help them deal with the consequences of spam to (and apparently from) addresses in stolen address books. Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes, this had the unfortunate side effect of screwing up nearly every discussion list on the planet. Last week the DMARC group published a proposal called ARC, for Authenticated Received Chain, that is intended to mitigate the damage. What is it, and how likely is it to work? more
Russian submarines and spy are reported to be aggressively operating near vital undersea cables that carry global Internet communications, according to a story in the New York Times. The issue is raising concerns among some American military and intelligence officials regarding the possibility that Russians might be planning to attack those lines in times of tension or conflict. more
There's been a lot of media attention in the last few days to a wonderful research paper on the weakness of 1024-bit Diffie-Hellman and on how the NSA can (and possibly does) exploit this. People seem shocked about the problem and appalled that the NSA would actually exploit it. Neither reaction is right. In the first place, the limitations of 1024-bit Diffie-Hellman have been known for a long time. RFC 3766, published in 2004, noted that a 1228-bit modulus had less than 80 bits of strength. That's clearly too little. more
Over 260 global network and security experts have collectively responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by proposing a new approach to improve the security of these devices. The letter warns FCC ruling will cause more harm than good and risk a significant overreach of the Commission's authority. more
NANOG 65 was once again your typical NANOG meeting: a set of operators, vendors, researchers and others for 3 days, this time in Montreal in October. Here's my impressions of the meeting... The opening keynote was from Jack Waters from Level 3, which looked back over the past 25 years of the Internet, was interesting to me in its reference to the "Kingsbury Letter". more
A World-Renowned Source for Internet Developments. Serving Since 2002.