Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
It must be tricky to be an advocate of transparency when your job involves selling serious encryption tools to government departments, large and small companies, hospitals and people who are concerned about having their bank account details hijacked from a home PC. After all, the point about good encryption software and the systems that surround it is that they provide a way to keep your secrets secret, while open government and the effective regulation of financial services would seem to require the widest possible dissemination of all sorts of operational data... more
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more
Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more
Shadow IT -- the use of unsanctioned software and services by employees -- is a problem. It's a big one. According to Forbes, 72 percent of executives don't know how many "shadow" apps are being used on their network. Beyond overloading network resources and impacting data compliance, there is also the real threat of security breaches from unapproved apps. Managing IT you can't see is no easy task, but fortunately it's not impossible. Here are five tips to help bring light to the shadows. more
U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. more
Google launched today a new effort to track the progress of encryption efforts - both at Google and on other popular websites. Google hopes the project will hold the company and others accountable to encrypt so as to enhance web safety and security. more
Are you concerned about the recent reports about government surveillance programs? Are you concerned about security and privacy online? If so, you may want to attend (in person or remotely) the INET Washington DC event happening on Wednesday, July 24, from 2:00 - 6:00 pm US Eastern time at George Washington University. Sponsored by the Internet Society and GWU's Cyber Security Policy and Research Institute, the event is free and open to the public and will also be streamed live on the Internet for those who cannot attend in person. more
Last week, millions of infected devices directed Internet traffic to DNS service provider Dyn, resulting in a Distributed Denial of Service (DDoS) attack that took down major websites including Twitter, Amazon, Netflix, and more. In a recent blog post, security expert Bruce Schneier argued that "someone has been probing the defences of the companies that run critical pieces of the Internet". This attack seems to be part of that trend. This disruption begs the question: Can we trust the Internet? more
Maintaining an 150 year old house requires two things, a lot of time and a lot of trips to the hardware store. Since the closest hardware store to my house is Home Depot, it is rare that a weekend passes without at least one trip to Home Depot. So now in the wake of the Home Depot data breach I am through no fault of my own in a situation where any or all of the bank cards I use regularly could be cancelled if the issuer decides they might be compromised. And this is not the first time this has happened to me this year. more
It has become clear that having a big cybersecurity war room is not enough to deliver true end-to-end security throughout the complex networks, systems and structures on which our modern society is based. Furthermore, looking at the forever changing draconian government interventions in this space, it is also obvious that they are often stabbing in the dark. more
In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation's President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns. more
Recent study indicates that US continues to widen its lead as the number one country when it comes to hosting phishing sites. According to the latest Brandjacking Index just released by MarkMonitor, US-hosted phishing sites grew by ten percent from last quarter -- up from 36 percent to 46 percent. Canada is now at second position with 4.7 percent of all phishing attacks, followed by the Russian Federation (4.5 percent), France (4 percent), and Denmark (4 percent). more
Nguyen Minh Duc, senior security director at Bach Khoa Internetwork Security (Bkis), says that the source of recent cyberattack against US and South Korean government websites was not North Korea -- as widely reported -- but UK. Based on Bkis analysis, a report today by Nguyen Minh Duc says that a master server located in UK was found to control the 8 Command and Control servers responsible for the series of cyberattacks last week.
more
ICANN has announced that Paul Mockapetris, inventor of the Domain Name System (DNS), has agreed to serve as Senior Security Advisor to the Generic Domains Division and its President, Akram Atallah. more
Apple announced its decision to trust only one-year digital certificates on its Safari browser in February 2020. This decision created a domino effect, with Mozilla and Google following suit; certificate providers announced they would not issue two-year certificates after Aug. 19, 2020. We wrote an article in March to help brands to prepare for this change. more
A World-Renowned Source for Internet Developments. Serving Since 2002.