Threat Intelligence |
Sponsored by |
About a week ago, I posted that Australia was getting ISPs to boot infected computers off of their network. I commented on whether or not this was a good policy. However, there was one thing in that article that I wanted to comment on but didn't... more
For the last couple of years, the most common attack vector against the DNS system is the attack against the registrar. Either the attack is on the software itself using weaknesses in the code that could inject DNS changes into the TLD registry, or social engineering the registrar support systems and the attacker receives credentials that in turn allows the attacker to perform malicious changes in DNS. DNSSEC is the common security mechanism that protects the DNS protocol, but by using the registrar attack, any changes will result in a proper working DNS delegation. more
The security vendor-phobe at the head of the conference bangs on the podium with his shoe declaring that "The greatest threat comes from within! (buy our product for your network's salvation)." Fear as a marketing strategy can never be underestimated. Particular when the fear is of the misunderstood. Media helps stoke the flames of fear-marketing with stories of fired or disgruntled IT staff who reportedly effectuate their revenge on former employers by bricking systems. more
As announced this morning, the Messaging Anti-Abuse Working Group (MAAWG) has established formal relationships with the Internet Engineering Task Force (IETF) and the BITS/Financial Services Roundtable... It's often said that there are too many different organizations working on the overlapping areas of abuse, trust, and related issues. I believe the collaborative approach MAAWG has chosen will bridge these gaps. more
U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. more
It must be tricky to be an advocate of transparency when your job involves selling serious encryption tools to government departments, large and small companies, hospitals and people who are concerned about having their bank account details hijacked from a home PC. After all, the point about good encryption software and the systems that surround it is that they provide a way to keep your secrets secret, while open government and the effective regulation of financial services would seem to require the widest possible dissemination of all sorts of operational data... more
Yahoo today announced it has agreed to pay $50 million in damages and will offer two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the massive security breach. more
According to press reports, DHS is going to require federal computer contractors to scan for holes and start patching them within 72 hours. Is this feasible? It's certainly a useful goal. It's also extremely likely that it will take some important sites or applications off the air on occasion - patches are sometimes buggy (this is just the latest instance I've noticed), or they break a (typically non-guaranteeed or even accidental) feature that some critical software depends on. more
Kaspersky Lab Expert, Fabio Assolini, has provided detailed description of an attack which as been underway in Brazil since 2011 using 1 firmware vulnerability, 2 malicious scripts and 40 malicious DNS servers, affecting 6 hardware manufacturers, resulting in millions of Brazilian internet users falling victim to a sustained and silent mass attack on DSL modems. more
There are a lot of theories flying around about why Twitter and other social media services got knocked offline yesterday. I've heard rumors about it being linked to political tension between Georgia and Russia. Others blame Iran for the outages. I'm not a political commentator, therefore I cannot comment on anyone's political views -- but I have some logic and common sense, and I can draw some objective conclusions. more
One of the most embarrassing and pernicious realities in the world of cybersecurity is the stark reality that some industry cybersecurity standards practices are themselves cyber threats. How so? Most industry and intergovernmental standards bodies serve as means for assembling the constantly evolving collective knowledge of participant experts and package the resulting specifications and best practices as freely available online documents to a vast, diverse universe of users. more
Last week, the Federal Communications Commission (FCC) announced new privacy rules that govern how Internet service providers can share information about consumers with third parties. One focus of this rulemaking has been on the use and sharing of so-called "Consumer Proprietary Network Information (CPNI)" - information about subscribers - for advertising. The Center for Information Technology Policy and the Center for Democracy and Technology jointly hosted a panel exploring this topic last May... more
ICANN has announced that Paul Mockapetris, inventor of the Domain Name System (DNS), has agreed to serve as Senior Security Advisor to the Generic Domains Division and its President, Akram Atallah. more
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more
Symantec today announced that it has signed a definitive agreement to acquire VeriSign's identity and authentication business, which includes the Secure Sockets Layer (SSL) Certificate Services, the Public Key Infrastructure (PKI) Services, the VeriSign Trust Services and the VeriSign Identity Protection (VIP) Authentication Service. more