Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
There is a classic scene in the movie, "Jaws," when Roy Scheider gets a look at the size of the shark circling his fishing vessel and says, "We're going to need a bigger boat." The same case can be made for CIOs dealing today with application security. Hackers from all over the world are circling business and government like great whites looking for vulnerabilities in Internet-facing applications. The growth of applications is great for doing business but they have become chum in the water for predators. more
A couple of months ago, I wrote a post posing the question of whether or not more government regulation is required in order to secure the Internet. On the one hand, anonymity is viewed in the west as a forum for freedom of speech. The anonymity of the Internet allows dissidents to speak up against unpopular governments. However, the anonymity afforded by the Internet is not so much by design as it is byproduct of its original designers not seeing how widespread it would eventually become. more
As many of you may know, today .ORG announced that all of its 8.5 million domains are now able to be fully DNSSEC signed - the largest set of domain names in the world so far that has access to this key security upgrade. .. The widespread publicity that the Kaminsky bug got around the world vindicated a decision made in several companies to invest time, effort and money into deploying DNSSEC. The community was split on the value of the DNSSEC effort -- many thought the deployment was quixotic, while a few others thought it was appropriate. more
Attendees at the public ICANN meeting in Brussels today heard from over two dozen companies that have implemented or are planning to support DNSSEC, the next-generation standard protocol for secured domain names. It is clearer than ever before that DNSSEC is becoming a reality. more
Duncan Geere reporting in Wired: "Since the slow introduction of internet monitoring systems around the world began, more and more people have attempted to preserve their privacy by signing up for VPN services like the Pirate Bay's Ipredator and Pirate Party offering Relakks. But it turns out that there's a gaping security flaw in these services that allows individual users to be identified..." more
BP and the Oil Industry are taking a lot of heat these days - much of it rightly so. Moving beyond the drama and evaluating the overall response of BP and others reinforces much of what is taught in incident response training and preparation... by showing the outcomes when one does not respond well. This is probably the most important incident that the responders involved will deal with in their professional lives. For those of us working to protect Internet Infrastructure and resources there are useful lessons as we consider what is happening in the Gulf of Mexico and their response effort. more
Introduced by ranking Senate members of the Homeland Security and Governmental Affairs Committee, the Protecting Cyberspace as a National Asset Act of 2010, S.3480 is intended to create an Office of Cyber Policy in the executive branch of the government, confirmed by the Senate and ultimately reporting to the president. Senators Joe Lieberman, Blanche Lincoln and Tom Carper introduced the bill publicly on June 10, and a critical part of the bill is that critical infrastructure networks such as electricity grids, financial systems and telecommunications networks need to cooperate with the Office of Cyber Policy. more
J.D. Falk writes: Last week, MAAWG quietly published a new document titled "Overview of DNS Security - Port 53 Protection." [PDF] The paper discusses cache poisoning and other attacks on the local DNS, including likely effects of such a compromise and what access providers may be able to do to prevent it. more
In a report released today by The North American Electric Reliability Corporation (NERC) and the U.S. Department of Energy (DOE), cyber attacks are among the top high-impact risks -- "with potential to significantly affect the reliability of the North American bulk power system." Certain protections and mitigations are already in place to address these risks, and this study has been released to help public utility commissions, and the federal government to further prepare for these potential risks. more
The most recent episode of The Ask Mr. DNS Podcast offers up some disturbing corroborating evidence as to the extent of DNS filtering and outright blocking occurring in China. VeriSign's Matt Larson and InfoBlox's Cricket Liu, who co-host the geeky yet engaging and extremely informative show, held a roundtable discussion including technical experts from dynamic name service providers (better known as "managed DNS" services) DynDNS, TZO, No-IP, and DotQuad, as well as Google and Comcast. more
A recent study reveals a browser history detection method, largely dismissed as an issue with minimal impact, can in fact be used against a vast majority of Internet users with significant malicious potential. Researchers, Artur Janc and Lukasz Olejnik, analyzed real-world results obtained from 271,576 Internet users and have reported the results in a paper titled, "Feasibility and Real-World Implications of Web Browser History Detection". more
The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010. While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet. more
Pioneering cryptographer Whitfield 'Whit' Diffie has joined the Internet Corporation for Assigned Names and Numbers (ICANN) as Vice President for Information Security and Cryptography. Diffie will provide advice on general security matters related to ICANN's mandate, and to ICANN in the design, development and implementation of security methods for ICANN-managed networks. He will oversee the continuous improvement and 'best practices' process for information security and cryptography. more
In case you missed it, last Thursday, May 6, we saw a remarkable day on the stock markets. The day started off with some selling which went down neat and orderly. Suddenly, around 2:40 pm eastern time, the market started selling off rapidly taking huge hits in in the span of 30 minutes. It was an incredible ride and at one point, the Dow Jones average was off 1000 points for the day, the largest drop in history (though not the largest percentage drop). It was kind of like October of 1987. more
Brian Krebs reporting on the Krebs on Security blog: "The FBI's top anti-cyber crime official today said the agency is planning a law enforcement action against so-called 'money mules,' individuals willingly or unwittingly roped into helping organized computer crooks launder money stolen through online banking fraud." more
A World-Renowned Source for Internet Developments. Serving Since 2002.