Maintaining Security and Stability in the Internet Ecosystem

DDoS attacks, phishing scams and malware. We battle these dark forces every day - and every day they get more sophisticated. But what worries me isn't just keeping up with them, it is keeping up with the sheer volume of devices and data that these forces can enlist in an attack. That's why we as an industry need to come together and share best practices - at the ICANN community, at the IETF and elsewhere - so collectively we are ready for the future. more»

Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastructure

There is no network security technology more ubiquitous than the firewall. With nearly three decades of deployment history and a growing myriad of corporate and industrial compliance policies mandating its use, no matter how irrelevant you may think a firewall is in preventing today's spectrum of cyber threats, any breached corporation found without the technology can expect to be hung, drawn, and quartered by both shareholders and industry experts alike. more»

DDOS Attackers - Who and Why?

Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet", reported that the incidence of DDOS attacks is on the rise. And by this he means that these attacks are on the rise both in the number of attacks and the intensity of each attack. A similar observation was made in the Versign DDOS Trends report for the second quarter of 2015, reporting that DDOS attacks are becoming more sophisticated and persistent in the second quarter of 2016. more»

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense!

State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked. more»

Security Against Election Hacking - Part 1: Software Independence

There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can't be hacked. Election administrators use computers in (at least) three ways... more»

I Didn't Put My Name on the Census

On many occasions I have written about the dangers of electronic communications in relation to data retention laws, government e-spying and other activities undermining our democracy and our liberty. To date governments still have to come up with evidence that all of this spying on their citizens has prevented any terrorist attacks. Terrorism has been given as the key reason for the government's spying. more»

Ethical Hacking: Turning The Tables to Boost Cyber Security

Hacking remains a huge problem for businesses. As noted by MarketWatch, more than 175 data breaches have already happened this year, and in 2015 approximately 105 million adults in the United States had their personal information stolen. For companies, the stakes are huge: Compromised systems not only damage the bottom line but can severely impact public opinion. more»

Cybersquatting & Banking: How Financial Services Industry Can Protect Itself Online (Free Webinar)

Businesses in the financial services sector are among the most frequent targets of cybersquatters. In this free webinar, I will be joining Craig Schwartz of fTLD Registry Services to provide important information about how domain name fraud is affecting the financial services industries, including banking and insurance, and what businesses and consumers can do to protect themselves online. more»

The Importance of IPRC in Asia Pacific

I believe and strongly support Internet Principle and Right Coalition (IPRC) Charter is an important edition of document supplementing the principles and rights of individual internet users in any developing and least developed country. Especially in Asia Pacific region where the need and use of such document is immense, as there is a gap in recognition and awareness of rights of internet users. more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms?

In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more»

Can Hybrid DDoS Mitigation Stop Large Application Layer Attacks?

We recently received an email from a customer asking about hybrid DDoS mitigation and its ability to stop large application layer attacks. Here's the truth: Hybrid DDoS mitigation works and can stop large application layer attacks. Hybrid DDoS mitigation typically involves a purpose-built DDoS mitigation appliance or software on dedicated hardware that sits immediately in front of or behind an enterprise's edge router. more»

ICANN Fails Consumers (Again)

In its bid to be free of U.S. government oversight ICANN is leaning on the global multistakeholder community as proof positive that its policy-making comes from the ground up. ICANN's recent response to three U.S. senators invokes the input of "end users from all over the world" as a way of explaining how the organization is driven. Regardless of the invocation of the end user (and it must be instinct) ICANN cannot seem to help reaching back and slapping that end user across the face. more»

Better "Always-On" DDoS Mitigation

Distributed Denial of Services (DDoS) attacks have been the frustration of information technology professionals for many years. When asked, most tell you they wish their internet service providers (ISPs) would simply provide them "clean pipes" all the time and take care of DDoS attacks upstream before they ever get to them. Unfortunately, the resources (equipment and personnel) necessary to clean Internet connections all the time are very expensive and come with several downsides. more»

Can We Really Blame DNSSEC for Larger-Volume DDoS attacks?

In its security bulletin, Akamai's Security Intelligence Response Team (SIRT) reported on abuse of DNS Security Extensions (DNSSEC) when mounting a volumetric reflection-amplification attack. This is not news, but I'll use this opportunity to talk a bit about whether there is a trade-off between the increased security provided by DNSSEC and increased size of DNS responses that can be leveraged by the attackers. more»

News Briefs

Substantial DDoS Attack Disrupts Twitter, Netflix, Visa and other Major Sites

US Banks Face New Demands by Regulators for Higher Cyber Risk Management Standards

FBI, Czech Police Arrest Russian in Connection With US Hacking Attacks

DNC Emails Hacked Using Fake Gmail Login Forms

Montenegro Election Day Disrupted by Several Cyberattacks

Putin Shrugs Off US Retaliation Threat Over Alleged DNC Hack

British Banks Not Fully Reporting Cyber Attacks, Fear Punishment, Bad Publicity

US to Retaliate Russian DNC Hack, Will Hit Russia with "Proportional" Response

New Trojan Used in High Level Financial Attacks, Multiple Banks Attacked

G7 Nations Set Cybersecurity Guidelines for Financial Sector

Moscow Calls US Accusations of Russian DNC Hack "Unprecedented Anti-Russian Hysteria"

US Intelligence Officially Accuses Russian Government for the DNC Hack

IoT Botnet Source Code Responsible for Historic Attack Has Been Publicly Released

Cameras, DVRs Used for Massive Cyberattack on French Hosting Company and Others

US Senators in Letter to Yahoo Say Late Hack Disclosure "Unacceptable"

What Trump and Clinton Said About Cybersecurity in the First US Presidential Debate

Cybersecurity Regime for Satellites and other Space Assets Urgently Required, Warn Researchers

Yahoo to Confirm Massive Data Breach, Several Hundred Million Users Exposed

UK's National Cyber Security Centre Reveals Plans to Scale Up DNS Filtering

Schneier: "Someone Is Learning How to Take down the Internet"

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection