Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
My main argument is about the policy of handling vulnerabilities for 6 months without patching (such as the Google attacks 0day apparently was) and the policy of waiting a whole month before patching this very same vulnerability when it first became an in-the-wild 0day exploit (it has now been patched, ahead of schedule). Microsoft is the main proponent of responsible disclosure, and has shown it is a responsible vendor... I simply call on it to stay responsible and amend its faulty and dangerous policies. more
As you've probably read, WikiLeaks has released a trove of purported CIA documents describing their hacking tools. There's a lot more that will be learned, as people work their way through the documents. For now, though, I want to focus on something that's being misreported, possibly because of deliberately misleading text by WikiLeaks itself. Here's the text from WikiLeaks... more
In support of National Cyber Security Awareness Month, DDoS Awareness Day is a virtual, global event focused on raising awareness and education around the threat of DDoS attacks. Hosted by Neustar with and exclusive media partner CSO, DDoS Awareness Day brings together top experts in global security to share their views, technical tips and from-the-trenches experience. Attendees will also be given access to a wealth of DDoS materials: white papers, surveys, presentations, best practices and more. more
Microsoft's Digital Crimes Unit - in collaboration with Financial Services - Information Sharing and Analysis Center (FS-ISAC) and NACHA - The Electronic Payments Association, as well as Kyrus Tech Inc. - has executed a coordinated global action against some of the worst known cybercrime operations fueling online fraud and identity theft, said Microsoft in an announcement today. "With this legal and technical action, a number of the most harmful botnets using the Zeus family of malware worldwide have been disrupted in an unprecedented, proactive cross-industry operation against this cybercriminal organization." more
It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? more
A paper published by researchers from the Chinese Academy of Sciences, reports a successful demonstration of satellite-based entanglement distribution to receiver stations separated by more than 1200 km -- the results illustrate the possibility of a future global quantum communication network. more
Speaking at The Times Tech Summit in London, Ciaran Martin, chief of the National Cyber Security Centre (NCSC), warned Russia is seeking to undermine the international system. more
According to Shanghai Daily, there has been an "organized Internet attack on Tuesday night which caused serious congestion in several provinces [in China] and left millions of users unable to gain access to the Internet." This is the first time the regulator has published news about an investigation into an online attack in China within 24 hours, says Shanghai Daily. ..."It was an attack on DNS (Domain Name System) and the carriers and related firms should do more back-up to avoid similar incidents," the ministry said in a statement. more
Few months ago in a talk given at the Institution of Engineering and Technology organised here in London by the Society for Computers and Law, Professor Lessig recounted a conversation he had with former US Counter Terrorism Czar Richard Clarke, where Larry asked the question that many had in mind... how the US Government managed to conceptualize, design and draft a piece of legislation as vast and complex as the USA PATRIOT Act in such a short period of time (a month and 15 days after 9/11), and the answer was what many people had imagined... more
The COVID-19 Pandemic is causing huge social and financial shifts, but so far, its impact on network security has gone under-reported. Yet with thousands of companies worldwide requiring millions of employees to work remotely, network administrators are seeing unprecedented changes in the ways that clients are using their networks and new threats that seek to leverage the current crisis. more
One of the most embarrassing and pernicious realities in the world of cybersecurity is the stark reality that some industry cybersecurity standards practices are themselves cyber threats. How so? Most industry and intergovernmental standards bodies serve as means for assembling the constantly evolving collective knowledge of participant experts and package the resulting specifications and best practices as freely available online documents to a vast, diverse universe of users. more
Ars Technica's Dan Goodin reports that an "investigation shows the spam run worked by abusing a weakness at GoDaddy that allowed the scammers to hijack at least 78 domains belonging to Expedia, Mozilla, Yelp, and other legitimate people or organizations." more
A couple of months ago, I wrote a post posing the question of whether or not more government regulation is required in order to secure the Internet. On the one hand, anonymity is viewed in the west as a forum for freedom of speech. The anonymity of the Internet allows dissidents to speak up against unpopular governments. However, the anonymity afforded by the Internet is not so much by design as it is byproduct of its original designers not seeing how widespread it would eventually become. more
IT security specialists have known for years that the plain DNS is not to be trusted. Any hope for improvement rests on the DNSSEC protocol deployment. In this post, I will review the current status in one critical aspect, namely the DNS root signature key management. The other two foremost are the application usage of DNSSEC protocol functionality and the operational front, or the extent of deployment in the DNS infrastructure. The operational front includes the support by the DNS root nameservers, but my focus on signature key management leaves this issue aside. more
BP and the Oil Industry are taking a lot of heat these days - much of it rightly so. Moving beyond the drama and evaluating the overall response of BP and others reinforces much of what is taught in incident response training and preparation... by showing the outcomes when one does not respond well. This is probably the most important incident that the responders involved will deal with in their professional lives. For those of us working to protect Internet Infrastructure and resources there are useful lessons as we consider what is happening in the Gulf of Mexico and their response effort. more
A World-Renowned Source for Internet Developments. Serving Since 2002.