Threat Intelligence |
Sponsored by |
|
Bruce Schneier is a famous cryptography expert and Orin Kerr a famous cyberlaw professor. Together they've published a law journal article on Encryption Workarounds. It's intended for lawyers so it's quite accessible to non-technical readers. The article starts with a summary of how encryption works, and then goes through six workarounds to get the text of an encrypted message. more
The recent attacks on the DNS infrastructure operated by Dyn in October 2016 have generated a lot of comment in recent days. Indeed, it's not often that the DNS itself has been prominent in the mainstream of news commentary, and in some ways, this DNS DDOS prominence is for all the wrong reasons! I'd like to speculate a bit on what this attack means for the DNS and what we could do to mitigate the recurrence of such attacks. more
Distributed Denial of Services (DDoS) attacks have been the frustration of information technology professionals for many years. When asked, most tell you they wish their internet service providers (ISPs) would simply provide them "clean pipes" all the time and take care of DDoS attacks upstream before they ever get to them. Unfortunately, the resources (equipment and personnel) necessary to clean Internet connections all the time are very expensive and come with several downsides. more
Zoom - one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic - has come in for much criticism due to assorted security and privacy flaws. Some of the problems are real but easily fixable, some are due to a mismatch between what Zoom was intended for and how it's being used now - and some are worrisome. more
This post was co-authored by Yixin Sun, Annie Edmundson, Henry Birge-Lee, Jennifer Rexford, and Prateek Mittal. In this post, we discuss a recent thread of research that highlights the insecurity of Internet services due to the underlying insecurity of Internet routing. We hope that this thread facilitates important dialog in the networking, security, and Internet policy communities to drive change and adoption of secure mechanisms for Internet routing. more
The impact of the recently revealed US government data collection practices may go well beyond the privacy ramifications outlined in the Internet Society's statement: expect a chilling effect on global, resilient network architecture. As governments of other countries realize how much of their citizens' traffic flows through the US, whether or not it is destined for any user or service there, expect to see moves to curtail connections to and through the US. more
As the autumn leaves fall from naked trees to be trampled or encased in the winter snow, it reminds us of another year quickly gone by. Yet, for organisations that were breached and publicly scrutinised for their security lapses, it's been a long and arduous year. It was about this time last year that the news broke of Target's mega breach. Every news outlet was following the story and drip feeding readers with details, speculation and "expert opinion" on what happened, why it happened and who did it. more
During the 4th quarter of 2014, a record number of malware variants were detected -- an average of 255,000 new threats each day, according a recent report by Anti-Phishing Working Group (APWG). The group further reports that the number of unique phishing reports submitted to APWG during Q4 was 197,252 -- an increase of 18 percent from the 163,333 received in Q3 of 2014. more
A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016. more
I pulled together some statistics on my collection of botnet statistics for the period of time between Rustock being shut down and Wednesday, April 6. I wanted to see the distribution of botnets per country - now that Rustock is down, which country has the most botnet infections (as measured by unique IP addresses that send us spam)? more
European Union Member States published a report on the 'EU coordinated risk assessment on cybersecurity in Fifth Generation (5G) networks'. The report is based on the results of the national cybersecurity risk assessments by all EU Member States. It identifies the main threats and threats actors, the most sensitive assets, the main vulnerabilities, and several strategic risks. more
Mobile networks aren't usually thought of as sources of spam, but a quick look at some of the resources that track spam reveals they actually are. This is counter intuitive at first glance because when most people think of mobile they think of smartphones, and those aren't known to be sources of spam (at least not yet). What's really going on is PCs connected to mobile networks with air cards, or tethered with a smartphone where it's permissible, are the culprits more
Security researchers have found a new variant of the Macadocs malware to be using Google docs as a proxy server and not connecting to a command and control server directly. In a blog post on Friday, Symantec researcher Takashi Katsuki, wrote... more
As noted in my first article of this series (see part one, two and three), security and reliability encompass holistic network assessments, vulnerability assessments and penetration testing. This month I'd like to go deeper into penetration testing; however, first, let's go back for a quick refresh before getting started. more
A few days ago, CAUCE published a blog post entitled "Epsilon Interactive breach the Fukushima of the Email Industry" on our site, and the always-excellent CircleID. A small coterie of commenters was upset by the hyperbolic nature of the headline. Fair enough, an analogy usually has a high degree of probability that it will fail, and clearly, no one has died as a result of the release of what appears to be tens of millions of people's names and email addresses. But, the two situations are analogous in many other ways, and here's why. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
