Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Yahoo today announced it has agreed to pay $50 million in damages and will offer two years of free credit-monitoring services to 200 million people whose email addresses and other personal information were stolen as part of the massive security breach. more
Following in the footsteps of Lethic, Waledac and Mariposa, yet another botnet has been taken offline. Not completely, though, it was only a partial disconnect. The Zeus botnet, also known as Zbot, is a trojan password stealer that captures passwords and sends them to the attacker. more
Shadow IT -- the use of unsanctioned software and services by employees -- is a problem. It's a big one. According to Forbes, 72 percent of executives don't know how many "shadow" apps are being used on their network. Beyond overloading network resources and impacting data compliance, there is also the real threat of security breaches from unapproved apps. Managing IT you can't see is no easy task, but fortunately it's not impossible. Here are five tips to help bring light to the shadows. more
Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more
Are you concerned about the recent reports about government surveillance programs? Are you concerned about security and privacy online? If so, you may want to attend (in person or remotely) the INET Washington DC event happening on Wednesday, July 24, from 2:00 - 6:00 pm US Eastern time at George Washington University. Sponsored by the Internet Society and GWU's Cyber Security Policy and Research Institute, the event is free and open to the public and will also be streamed live on the Internet for those who cannot attend in person. more
Google launched today a new effort to track the progress of encryption efforts - both at Google and on other popular websites. Google hopes the project will hold the company and others accountable to encrypt so as to enhance web safety and security. more
In the wake of the 2016 United States Presidential Election, not even six hours after Donald Trump became the nation's President-Elect, an advanced persistent threat (APT) group launched a series of coordinated and well-planned spear phishing campaigns. more
U.S. National Security Agency (NSA) will halt its controversial warrantless surveillance program which collects Americans' emails and texts sent to and from people overseas and that mention a foreigner under surveillance, according to a New York Times report today. more
Maintaining an 150 year old house requires two things, a lot of time and a lot of trips to the hardware store. Since the closest hardware store to my house is Home Depot, it is rare that a weekend passes without at least one trip to Home Depot. So now in the wake of the Home Depot data breach I am through no fault of my own in a situation where any or all of the bank cards I use regularly could be cancelled if the issuer decides they might be compromised. And this is not the first time this has happened to me this year. more
It has become clear that having a big cybersecurity war room is not enough to deliver true end-to-end security throughout the complex networks, systems and structures on which our modern society is based. Furthermore, looking at the forever changing draconian government interventions in this space, it is also obvious that they are often stabbing in the dark. more
Last week, millions of infected devices directed Internet traffic to DNS service provider Dyn, resulting in a Distributed Denial of Service (DDoS) attack that took down major websites including Twitter, Amazon, Netflix, and more. In a recent blog post, security expert Bruce Schneier argued that "someone has been probing the defences of the companies that run critical pieces of the Internet". This attack seems to be part of that trend. This disruption begs the question: Can we trust the Internet? more
Recent study indicates that US continues to widen its lead as the number one country when it comes to hosting phishing sites. According to the latest Brandjacking Index just released by MarkMonitor, US-hosted phishing sites grew by ten percent from last quarter -- up from 36 percent to 46 percent. Canada is now at second position with 4.7 percent of all phishing attacks, followed by the Russian Federation (4.5 percent), France (4 percent), and Denmark (4 percent). more
In a speech at the Internet Policy Research Initiative at MIT, British intelligence agency GCHQ director Robert Hannigan said Monday that law enforcement and intelligence officials want only targeted ways to stop what he called "abuse of encryption" by ISIS and other terrorists and criminals. more
There's been a lot of media attention in the last few days to a wonderful research paper on the weakness of 1024-bit Diffie-Hellman and on how the NSA can (and possibly does) exploit this. People seem shocked about the problem and appalled that the NSA would actually exploit it. Neither reaction is right. In the first place, the limitations of 1024-bit Diffie-Hellman have been known for a long time. RFC 3766, published in 2004, noted that a 1228-bit modulus had less than 80 bits of strength. That's clearly too little. more
Nguyen Minh Duc, senior security director at Bach Khoa Internetwork Security (Bkis), says that the source of recent cyberattack against US and South Korean government websites was not North Korea -- as widely reported -- but UK. Based on Bkis analysis, a report today by Nguyen Minh Duc says that a master server located in UK was found to control the 8 Command and Control servers responsible for the series of cyberattacks last week.
more
A World-Renowned Source for Internet Developments. Serving Since 2002.