Most current real-world computer security efforts focus on external threats, and generally treat the computer system itself as a trusted system. Some knowledgeable observers consider this to be a disastrous mistake, and point out that this distinction is the cause of much of the insecurity of current computer systems – once an attacker has subverted one part of a system without fine-grained security, he or she usually has access to most or all of the features of that system. Because computer systems can be very complex, and cannot be guaranteed to be free of defects, this security stance tends to produce insecure systems. There are many similarities (yet many fundamental differences) between computer and physical security. Just like real-world security, the motivations for breaches of computer security vary between attackers, sometimes called hackers or crackers. Some are teenage thrill-seekers or vandals (the kind often responsible for defacing websites); similarly, some website defacements are done to make political statements. However, some attackers are highly skilled and motivated with the goal of compromising computers for financial gain or espionage. Read the full background at Cyberattack Wikipedia
By utilizing the people's information warfare concept, Iranian opposition has managed to successfully organize a cyberattack against Tehran's regime (complete analysis) by using Twitter, web forums, and localization (translation) of the recruitment messages in order to seek assistance from foreigners. So far, their rather simplistic denial of service tools has managed to disrupt access to key government web sites, and the intensity of the attacks is prone to increase since the opposition appears to be in a "learning mode". more»
Seventy-five years ago today, on May 29th, 1934, Egyptian private radio stations fell silent, as the government shut them down in favor of a state monopoly on broadcast communication. Egyptian radio "hackers" (as we would style them today) had, over the course of about fifteen years, developed a burgeoning network of unofficial radio stations... It couldn't last. After two days of official radio silence, on May 31st, official state-sponsored radio stations (run by the Marconi company under special contract) began transmitting a clean slate of government-sanctioned programming, and the brief era of grass-roots Egyptian radio was over... more»
This is a follow-up to my previous post on Cybersecurity and the White House. It illustrates an actual cyberwarfare attack against Estonia in 2007 and how it can be a legitimate national security issue. Estonia is one of the most wired countries in eastern Europe. In spite of its status of being a former Soviet republic, it relies on the internet for a substantial portion of everyday life -- communications, financial transactions, news, shopping and restaurant reservations all use the Internet. Indeed, in 2000, the Estonian government declared Internet access a basic human right... more»
A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position... more»
News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack... more»
With the recent attacks against high-profile New Zealand domain names including Coca-Cola.co.nz and F-Secure.co.nz, fingers are naturally pointing to Domainz, the registrar of record for these domains, as the party responsible for this lapse in security. While domain name registrars certainly need to ensure the security and stability of their systems, domain name registries must also step up and take responsibility for mitigating risks posed by hackers... more»
Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well but more protections are needed to address the dynamic and increasingly sophisticated web based exploits being launched... more»
A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-born attack. The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security... more»
NeuStar's UltraDNS faced attack on two fronts on Tuesday, March 31. One of the attacks was technical -- a massive denial-of-service attack. The second was a rather surprising opening strike from competitor Dynamic Network Services (DynDNS), which launched a full-scale (and in T1R's opinion, misguided) public relations broadside. First, to the actual denial of service attack. Contrary to many early reports, UltraDNS was not 'down' on Tuesday... more»
The market has failed to secure cyberspace. A ten-year experiment in faith-based cybersecurity has proven this beyond question. The market has failed and the failure of U.S. policies to recognize this explains why we are in crisis. The former chairman of the Security and Exchange Commission, Christopher Cox, a longtime proponent of deregulation, provided a useful summary of the issue when he said, "The last six months have made it abundantly clear that voluntary regulation does not work."... more»
This vulnerability, brought to public attention last year by security researcher Dan Kaminsky, allows criminal elements to engage in "DNS cache poisoning" for the malicious hijacking of domain names and results in consequent damage from large-scale identity theft, among other illegal activities. ›››
Today, .ORG, The Public Interest Registry, the company behind the .ORG domain name, is the first open generic Top-Level Domain to successfully sign the .ORG zone file with Domain Name Security Extensions (DNSSEC). To date, the .ORG zone is the largest domain registry to implement the security measure. ›››
MarkMonitor, the global leader in enterprise brand protection, today announced Facebook has selected MarkMonitor AntiFraud Solutions to supplement its own in-house security efforts in protecting users against malware attacks. ›››
MarkMonitor announces AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. Service leverages the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands. ›››
DNSstuff.com has announced in partnership with Trusteer that it is offering Rapport, a tool that protects your transactions from being tampered with and private information from being stolen, through its website, dnsstuff.com.
Rapport is an easy-to-use browser plug-in that provides users with a secure connection to any online site they log into, protecting their most valuable online assets — login credentials. ›››
MarkMonitor has announced AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. MarkMonitor AntiFraud Solutions leverage the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands.
›››
COCC, a leading provider of next generation technology services for financial institutions, has partnered with MarkMonitor, the global leader in enterprise brand protection, to help mutual clients protect their brands in the face of increasing Internet-based fraud. ›››
Mexico City's ICANN meeting represented an important shift in direction for brand rights holder issues. All the work that the IP Community -- including ICANN's IP Constituency, our customers, concerned companies, organizations and individuals who commented on the draft applicant guidebook as well as MarkMonitor -- paid dividends. ›››
MarkMonitor releases the company's latest Brandjacking Index, which finds that online abuse of many of the world's leading brands rose in 2008; report also reveals that 80% of abusive sites identified in 2007 were still active today, indicating brandholders must take a stronger stance against aggressive fraudsters. ›››
.ORG, The Public Interest Registry, DNSSEC FUD Buster series continues this month with a piece authored by Andrew Sullivan. Andrew works for Shinkuro, an organization that interests and expertise lie in secure Internet capabilities. ›››
Copyright © 2002-2009 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
