Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
DMARC is an anti-phishing technique that AOL and Yahoo repurposed last year to help them deal with the consequences of spam to (and apparently from) addresses in stolen address books. Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes, this had the unfortunate side effect of screwing up nearly every discussion list on the planet. Last week the DMARC group published a proposal called ARC, for Authenticated Received Chain, that is intended to mitigate the damage. What is it, and how likely is it to work? more
Russian submarines and spy are reported to be aggressively operating near vital undersea cables that carry global Internet communications, according to a story in the New York Times. The issue is raising concerns among some American military and intelligence officials regarding the possibility that Russians might be planning to attack those lines in times of tension or conflict. more
There's been a lot of media attention in the last few days to a wonderful research paper on the weakness of 1024-bit Diffie-Hellman and on how the NSA can (and possibly does) exploit this. People seem shocked about the problem and appalled that the NSA would actually exploit it. Neither reaction is right. In the first place, the limitations of 1024-bit Diffie-Hellman have been known for a long time. RFC 3766, published in 2004, noted that a 1228-bit modulus had less than 80 bits of strength. That's clearly too little. more
Over 260 global network and security experts have collectively responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by proposing a new approach to improve the security of these devices. The letter warns FCC ruling will cause more harm than good and risk a significant overreach of the Commission's authority. more
NANOG 65 was once again your typical NANOG meeting: a set of operators, vendors, researchers and others for 3 days, this time in Montreal in October. Here's my impressions of the meeting... The opening keynote was from Jack Waters from Level 3, which looked back over the past 25 years of the Internet, was interesting to me in its reference to the "Kingsbury Letter". more
Earlier this year, I wrote about a recent enhancement to privacy in the Domain Name System (DNS) called qname-minimization. Following the principle of minimum disclosure, this enhancement reduces the information content of a DNS query to the minimum necessary to get either an authoritative response from a name server, or a referral to another name server. more
The primary means of authentication on the Internet is the password -- a half-century old, shared secret mechanism that is difficult to use (especially on mobile devices) and has acknowledged security flaws including attacks at scale. Even so, passwords remain the most prevalent form of authentication with efforts to enhance security typically relying on "bolt on" solutions that increase user friction. more
Senior U.S. and Chinese officials concluded a four day meeting on Saturday discussing cyber security issues ahead of Chinese President Xi Jinping's visit to Washington later this month. more
If this past quarter's stories are any indication, we could very well be seeing the rise of a new wave of threats that will affect people in a more pronounced and physical level, reports Trend Micro in its Q2 Security Roundup Report. more
Ubiquiti Networks Inc., a San Jose based maker of networking technology, has disclosed that cyber criminals stole $46.7 million via a "business email compromise fraud involving employee impersonation." more
Usernames/email addresses and encrypted passwords for profile accounts created on the ICANN.org public website have been obtained by an unauthorized person, the Internet Corporation for Assigned Names and Numbers announced Wednesday night. more
In my last blog post I shared some of the general security challenges that come with the Internet of Things (IoT). In this post, I will focus on one particular security risk: distributed denial of service (DDoS) attacks. Even before the age of IoT, DDoS attacks have been turning multitudes of computers into botnets, attacking a single target and causing denial of services for the target's users. By "multitudes" we can be talking about thousands or even millions of victim devices. Now add IoT into the equation... more
Shadow IT -- the use of unsanctioned software and services by employees -- is a problem. It's a big one. According to Forbes, 72 percent of executives don't know how many "shadow" apps are being used on their network. Beyond overloading network resources and impacting data compliance, there is also the real threat of security breaches from unapproved apps. Managing IT you can't see is no easy task, but fortunately it's not impossible. Here are five tips to help bring light to the shadows. more
Over the last few years I've been hearing some people claim that botnets are the real spam problem and that if you can find a sender then they're not a problem. Much of this is said in the context of hating on Canada for passing a law that requires senders actually get permission before sending email. Botnets are a problem online. They're a problem in a lot of ways. They can be used for denial of service attacks. They can be used to mine bitcoins... more
Unlike consultant-led penetration testing, periodic or continual vulnerability scanning programs have to operate harmoniously with a corporation's perimeter defenses. Firewalls, intrusion prevention systems, web proxies, dynamic malware analysis systems, and even content delivery networks, are deployed to protect against the continuous probes and exploit attempts of remote adversaries -- yet they need to ignore (or at least not escalate) similar probes and tests being launched by the managed security service providers an organization has employed to identify and alert upon any new vulnerabilities within the infrastructure or applications that are to be protected. more
A World-Renowned Source for Internet Developments. Serving Since 2002.