Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Possibly the first documented native IPv6 DDoS attack reported today suggests a DNS dictionary attack which originated from around 1,900 different native IPv6 hosts, on more than 650 different networks. more
According to Akamai, the incident was the largest attack seen to date, "more than twice the size of the September 2016 attacks that announced the Mirai botnet and possibly the largest DDoS attack publicly disclosed." more
One of the problems with trying to secure systems is the lack of knowledge in the community about what has or hasn't worked. I'm on record as calling for an analog to the National Transportation Safety Board: a government agency that investigates major outages and publishes the results. In the current, deregulatory political climate, though, that isn't going to happen. But how about a voluntary system? more
Former Yahoo CEO Marissa Mayer apologized today at the Senate Commerce, Science and Transportation hearing regarding massive data breaches at the internet company, blaming Russian agents. more
The argument for end-to-end encryption is apparently heating up with the work moving forward on TLSv1.3 currently in progress in the IETF. The naysayers, however, are also out in force, arguing that end-to-end encryption is a net negative... The idea of end-to-end encryption is recast as a form of extremism, a radical idea that should not be supported by the network engineering community. Is end-to-end encryption really extremist? Is it really a threat to the social order? more
The website designated by Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, reports Brian Krebs in KrebsOnSecurity. more
The Equifax hack is understood to have compromised the personal data of over 140 million individuals. Although recent hacks of other businesses have affected more individuals, the personal data held by Equifax is significantly more sensitive than the data compromised in other hacks and includes Social Security numbers, birth dates, current and previous addresses and driver licence details... (Co-authored by Peter Davis and Brendan Nixon.) more
As you've undoubtedly heard, the Equifax credit reporting agency was hit by a major attack, exposing the personal data of 143 million Americans and many more people in other countries. There's been a lot of discussion of liability; as of a few days ago, at least 25 lawsuits had been filed, with the state of Massachusetts preparing its own suit. It's certainly too soon to draw any firm conclusions... but there are a number of interesting things we can glean from Equifax's latest statement. more
A recent article in the New York Times Dealbook column reported on phone number hijacking, in which a bad guy fraudulently takes over someone's mobile phone number and used it to reset credentials and drain the victim's account. It happens a lot, even to the chief technologist of the FTC. This reminds us that security is hard, and understanding two-factor authentication is harder than it seems. more
Building IoT ventures from scratch by prototyping hardware devices and their backend systems as well as working for a large company that tries to sell IoT devices itself, we learned a lot about the pitfalls and problems concerning security in the IoT. Nearly every connected device out there proved to be vulnerable to attacks. Researchers showed that it's possible to remotely take control over autonomous vehicles, implanted medical devices were manipulated, voting machines compromised and of course all sorts of other "smart" devices... more
A Verizon partner is reported to have exposed millions of Verizon customer accounts due to a misconfigured cloud-based file. more
The Anti-Phishing Working Group has released its latest Global Phishing Survey, written by myself and Rod Rasmussen. This report comprehensively examines a large data set of more than 250,000 confirmed phishing attacks detected in 2015 and 2016. By analyzing this cybercrime activity, we have learned more about what phishers have been doing, and how they have done it. Unfortunately, there's more phishing than ever, and phishers are registering more domain names than ever. more
An extensive analysis of WannaCry seems to indicate attackers would be unable to determine which users have paid the ransom and they cannot decrypt on a per-user basis. more
Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more
Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more
A World-Renowned Source for Internet Developments. Serving Since 2002.