Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Layered security is a concept that's important for anyone who wants to create a strong, successful defense strategy to understand. This is a strategy that relies on the use of multiple lines of defense in an attempt to repel any potential attacks. For this reason, it's based on the principle that says "no single form of protection is enough to stop a determined cybercriminal. more
IT security specialists have known for years that the plain DNS is not to be trusted. Any hope for improvement rests on the DNSSEC protocol deployment. In this post, I will review the current status in one critical aspect, namely the DNS root signature key management. The other two foremost are the application usage of DNSSEC protocol functionality and the operational front, or the extent of deployment in the DNS infrastructure. The operational front includes the support by the DNS root nameservers, but my focus on signature key management leaves this issue aside. more
Another day, another data breach, and another round of calls for companies to encrypt their databases. Cryptography is a powerful tool, but in cases like this one it's not going to help. If your OS is secure, you don't need the crypto; if it's not, the crypto won't protect your data. In a case like the Anthem breach, the really sensitive databases are always in use. more
BP and the Oil Industry are taking a lot of heat these days - much of it rightly so. Moving beyond the drama and evaluating the overall response of BP and others reinforces much of what is taught in incident response training and preparation... by showing the outcomes when one does not respond well. This is probably the most important incident that the responders involved will deal with in their professional lives. For those of us working to protect Internet Infrastructure and resources there are useful lessons as we consider what is happening in the Gulf of Mexico and their response effort. more
According to a recent Homeland Security News Wire article, nearly 8 million patient medical records were compromised over the course of the previous two years due to data security breaches. As more hospitals and patient care providers move to store patient data electronically -- primarily as a cost savings effort -- the risk and exposure of our private medical information increases while our individual control over this information diminishes. more
Ah, BYOD. How I love thee. BYOD, or "Bring Your Own Device", gives me choices. I can use a device at work I actually like and am most effective with. (How did I ever get by without my iPad?) But BYOD comes with challenges. Personal devices can be infected with malware. Once they're connected to an enterprise's network, they can be controlled by a bot master to hijack enterprise resources and wreak havoc as part of a botnet. more
Stéphane Bruno writes: "In the first few hours that followed the earthquake, mobile service was completely disrupted. It was almost impossible to place a call, due to the combination of the damages on the cellular networks and the spike in phone calls. However, on some networks, SMS service was still available. People stuck under rubbles started texting to their friends and family (in Haiti and abroad) to tell them they were still alive and needed help. Those friends and family, not knowing what to do, started posting these SOS messages on their social networks, mainly on Facebook." more
According to various news outlets, Russia is reported to be planning a complete Internet shut down, as part of a test of its cyber-defenses. more
The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters. All around us, there were new buildings under construction, with that tall towering crane anchored to the building in several places. We wondered how that crane was built, and considered how precise the building process seemed to be to the complete mess building a network seems to be. more
Most people - mistakenly - believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a "pivot-and-attack." more
Last week, the Federal Communications Commission (FCC) announced new privacy rules that govern how Internet service providers can share information about consumers with third parties. One focus of this rulemaking has been on the use and sharing of so-called "Consumer Proprietary Network Information (CPNI)" - information about subscribers - for advertising. The Center for Information Technology Policy and the Center for Democracy and Technology jointly hosted a panel exploring this topic last May... more
A few weeks ago, on Oct. 1, 2016, Verisign successfully doubled the size of the cryptographic key that generates DNSSEC signatures for the internet's root zone. With this change, root zone DNS responses can be fully validated using 2048-bit RSA keys. This project involved work by numerous people within Verisign, as well as collaborations with ICANN, Internet Assigned Numbers Authority (IANA) and National Telecommunications and Information Administration (NTIA). more
The abuse of well-known seal of approvals seems to be the latest ruse used by online fraudsters. Leveraging reputable names that existed long before anyone heard of the Internet is a blaring reminder that even trustworthy seals are not off limits to scammers. In fact, linking to reliable sources of reviews and certification is proving to be an essential part of any fraud strategy today. more
Over the past several years, questions about how to protect information exchanged in the DNS have come to the forefront. One of these questions was posed first to DNS resolver operators in the middle of the last decade, and is now being brought to authoritative name server operators: "to encrypt or not to encrypt?" It's a question that Verisign has been considering for some time as part of our commitment to security, stability and resiliency of our DNS operations and the surrounding DNS ecosystem. more
The March 19, 2020, guidance from the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) declared what global citizens appreciate more each day as the COVID-19 pandemic crisis unfolds: "Functioning critical infrastructure is imperative during the response to the COVID-19 emergency for both public health and safety as well as community well-being." more
A World-Renowned Source for Internet Developments. Serving Since 2002.