Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more
Last week, my colleagues over at Sunbelt Software discovered a bogus Windows domain being registered earlier this month (where the "w" in "windows" is actually two "v"s). Today, I've been alerted to the fact that are several additional Windows domains which have registered where the "w"s have been also been replaced with "v"s... more
With my post earlier this month about the possibility of SIP botnets [also featured here on CircleID], I've had a number of people asking about more information and wondering about the possible impacts. And while I will write more on botnets in general, as far as the potential impact of "botnets" in general, one need only look over at the current situation in Estonia... Now, perhaps Russia is behind the attack... perhaps not. There are obviously much larger political issues going on between the two states. more
Fergie replied on NANOG to my recent post on the subject of broadband routers insecurity: "I'll even go a step further, and say that if ISPs keep punting on the whole botnet issue, and continue to think of themselves as 'common carriers' in some sense -- and continue to disengage on the issue -- then you may eventually forced to address those issues at some point in the not-so-distant future..." He is right, but I have a comment I felt it was important - to me - to make. Not just on this particular vulnerability, but on the "war"... more
In this post I'd like to discuss the threat widely circulated insecure broadband routers pose today. We have touched on it before. Today, yet another public report of a vulnerable DSL modem type was posted to bugtraq, this time about a potential WIRELESS flaw with broadband routers being insecure at Deutsche Telekom. I haven't verified this one myself but it refers to "Deutsche Telekom Speedport w700v broadband router"... more
In a recent article at TechWeb, the following observations were made: "Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers... Finnish-based F-Secure has identified more than 30 registered domain names for resale that would be of interest only to the legitimate holder of the trademark or to phishers..." more
The United States' reluctance to invest in IPv6 makes it more likely that China will be in a position to gain the first-mover advantage it seeks. ...Liu Dong, president of the Beijing Internet Institute sums it up succinctly: "We think we can develop the killer applications," he says. China plans to show the rest of the world just how advanced its Internet is at the 2008 Olympics in Beijing. CNGI will control the facilities -- everything from security cameras to the lighting and thermostats -- at the Olympic venues, and events will be broadcast live over the Internet. Even the taxis in Beijing's snarled traffic will connect to CNGI via IPv6 sensors so that dispatchers will be able to direct their drivers away from congestion. more
The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more
The DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is an interested observer. more
I'm continually amazed by the amount of FUD being spread with regard to VoIP security threats. People...the sky is not falling. VoIP isn't e-mail. It isn't implemented like e-mail, it won't be implemented like e-mail (maybe "it shouldn't be implemented like e-mail" is a more appropriate statement). Following best security practices will ensure at least a level of security equivalent to current TDM systems. Best FUD I've heard this week: VoIP is insecure because you can simply put a bridge on an ethernet line and capture a stream. Hey, has anyone ever heard of alligator clips? more
Iran is seeking to monetize and potentially weaponize subsea internet cables beneath the Strait of Hormuz, exposing how modern geopolitical conflicts increasingly threaten the digital infrastructure underpinning global finance, communications and trade. more
As cross-border cyber enforcement falters, critics argue Article 19's DNS abuse framework prioritizes procedural purity over user protection, leaving courts too slow to counter AI-driven phishing, rapid-flux domains, and increasingly automated online threats. more
Google says cybercriminals and state-backed hackers are rapidly adopting generative AI to automate attacks, disguise malware, exploit vulnerabilities and spread disinformation, marking a shift from experimental use to industrial-scale cyber operations across the global threat landscape. more
Cybersecurity pioneer Steven Bellovin's new book strips away jargon and outdated online-safety advice, offering ordinary users practical guidance on passwords, phishing, privacy and digital habits in an era of constant cyber threats and increasingly sophisticated scams. more
Self-propagating malware hidden in open-source software is targeting Iranian systems, wiping data on infected machines while sparing others, signalling a shift towards precise, politically motivated cyber sabotage through widely trusted digital supply chains. more
A World-Renowned Source for Internet Developments. Serving Since 2002.