Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology... Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great, for other mail it works less great. more
Two principles in computer security that help bound the impact of a security compromise are the principle of least privilege and the principle of minimum disclosure or need-to-know. As described by Jerome Saltzer in a July 1974 Communications of the ACM article, Protection and the Control of Information Sharing in Multics, the principle of least privilege states, "Every program and every privileged user should operate using the least amount of privilege necessary to complete the job." more
On May 7, hackers breached parts of the computer systems that run Baltimore's government, taking down essential systems such as voice mail, email, a parking fines database, payment systems used for water bills, property taxes, real estate transactions and vehicle citations. more
Two US Government contractors and the National Institute of Science and Technology have released a white paper, "Statement of Needed Internet Capability," detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. The document was released through the DNSSEC-Deployment Group this week with a request that it be circulated as widely as possible to gather feedback. A Trust Anchor Repository (TAR) refers to the concept of a DNS resource record store that contains secure entry point keys... more
The bring-your-own-device (BYOD) trend continues to make corporate inroads. According to Security Intelligence, more than 60 percent of enterprises now allow or "tolerate" employee mobile device use in the workplace. But companies still have significant security concerns, especially when it comes to the specter of lost data. Here are seven tips to boost BYOD security in 2015. more
In the first part of this trilogy, I discussed the importance of automatically provisioned second generation DNS in connection with Software Defined Networking (SDN) and Software Defined Data Centre (SDDC). In the second post, I talked about IP addressing, private enterprise networks, and how DHCP does not meet the requirements of multitenant Infrastructure-as-a-Service (IaaS) cloud environments. I will now wrap up this trilogy by putting these two thesis into real-life context. more
Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more
The Virus Bulletin Conference last month had some good presentations, including this one by Fabio Assolini of Kaspersky. He spoke about how Brazil is the the newest up-and-comer on the cyber crime block. The tale begins with the story of Igor and Emily, two cyber criminals operating out of Brazil. Together, the two of them stole $300,000 US from a single Brazilian bank in one year. more
In light of recent controversies around the implementation of dotless domains, the Internet Architecture Board (IAB) has released a statement calling the practice harmful. From the executive summary: "It has come to the attention of the IAB that there are proposals for so-called "dotless" domains in the root zone, and that some existing top-level domains (TLDs) are already operating in such a mode. TLD operators of dotless domains are intending that single label names -- those containing no dots -- resolve to the TLD itself, rather than be resolved locally, within the context of the local site at which the user resides." more
Pinning down the number of infected computers is really, really hard. I'd go as far as saying it's practically impossible to calculate, let alone observe. Still, that's not going to stop people from attempting to guess or extrapolate from their own observations. Over the years I've heard "reliable" numbers ranging from 10% through to 60% -- and I don't trust any of them. There's a whole gaggle of reasons why the numbers being thrown out to the public are inaccurate and should ideally be interpreted with a lot of skepticism by any right-minded folks. more
Today we publish an overview of domains registered through Domain Silver, Inc, a registrar operating in the .pl domain. This Registrar started operating in May 2012. Since that time, the CERT Polska team started to observe a large increase in the amount of malicious domains registered in .pl and to receive many complaints concerning domains registered through Domain Silver. more
An international group of more than 360 cyber threat intelligence researchers from over 40 countries have joined forces to help the medical sector amid the COVID-19 crisis. more
Did you know that over 50% of .CZ domains are now signed with DNS Security Extensions (DNSSEC)? Or that over 2.5 million .NL domains and almost 1 million .BR domains are now DNSSEC-signed? Were you aware that around 80% of DNS clients are now requesting DNSSEC signatures in their DNS queries? And did you know that over 100,000 email domains are using DNSSEC and DANE to enable secure email between servers? more
The outbreak of COVID-19 has caused worldwide disruption -- for whole nations and their economies. Unfortunately, there will be some side effects for businesses. A number of brands will disappear from the streets and shelves, as businesses that fail to weather the storm will have to fold. Companies that do survive will likely focus more on their core markets, pulling brands out of higher risk, less profitable markets... more
The Internet of today is awash with networking protocols, but at its core lie a handful that fundamentally keep the Internet functioning. From my perspective, there is no modern Internet without DNS, HTTP, SSL, BGP, SMTP, and NTP. Of these most important Internet protocols, NTP (Network Time Protocol) is the likely least understood and has the least attention and support. Until very recently, it was supported (part-time) by just one person. more
A World-Renowned Source for Internet Developments. Serving Since 2002.