Cyberattack

Blogs

A Trebuchet Defence in the Age of the Augmented Reality Cyberwarrior

I've been ruminating on this for a while, this follow-up that was a decade in the offing. My article Trench Warfare in the Age of The Laser-Guided Missile from January 2007 did pretty good in terms of views since I wrote it. Less so in terms of how well the ideas aged or didn't, but that's the nature of the beast. Everything gets worse, and simultaneously, better, and so here we are: Using embarrassingly ancient approaches to next-generation threats. Plus ├ža change. more

Schneier and Kerr on Encryption Workarounds

Bruce Schneier is a famous cryptography expert and Orin Kerr a famous cyberlaw professor. Together they've published a law journal article on Encryption Workarounds. It's intended for lawyers so it's quite accessible to non-technical readers. The article starts with a summary of how encryption works, and then goes through six workarounds to get the text of an encrypted message. more

Is Blockchain Causing More Cybersecurity Attacks in the Financial Industry?

There's a lot of misunderstanding about blockchain. A recent study by HSBC, for example, found that 59 percent of customers around the world had never heard of it. Yet, while that alone is quite telling, it's probably more alarming to consider the fact that very same poll revealed that 80 percent of people who had hard of blockchain did not understand what it is. This level of confusion isn't confined to the general population either. more

Routing Attacks on Internet Services

This post was co-authored by Yixin Sun, Annie Edmundson, Henry Birge-Lee, Jennifer Rexford, and Prateek Mittal. In this post, we discuss a recent thread of research that highlights the insecurity of Internet services due to the underlying insecurity of Internet routing. We hope that this thread facilitates important dialog in the networking, security, and Internet policy communities to drive change and adoption of secure mechanisms for Internet routing. more

1 Terabit DDoS Attacks Become a Reality; Reflecting on Five Years of Reflections

Reflection amplification is a technique that allows cyber attackers to both magnify the amount of malicious traffic they can generate, and obfuscate the sources of that attack traffic. For the past five years, this combination has been irresistible to attackers, and for good reason. This simple capability, of turning small requests into larger, 'amplified' responses, changed the Distributed Denial of Service (DDoS) attack landscape dramatically. more

Humming an Open Internet Demise in London?

In mid-March, the group dubbed by Wired Magazine 20 years ago as Crypto-Rebels and Anarchists - the IETF - is meeting in London. With what is likely some loud humming, the activists will likely seek to rain mayhem upon the world of network and societal security using extreme end-to-end encryption, and collaterally diminish some remaining vestiges of an "open internet." Ironically, the IETF uses what has become known as the "NRA defence": extreme encryption doesn't cause harm, criminals and terrorists do. more

Why Is It So Hard to Run a Bitcoin Exchange?

One of the chronic features of the Bitcoin landscape is that Bitcoin exchanges screw up and fail, starting with Mt. Gox. There's nothing conceptually very hard about running an exchange, so what's the problem? The first problem is that Bitcoin and other blockchains are by design completely unforgiving. If there is a bug in your software which lets people steal coins, too bad, nothing to be done. more

The Over-Optimization Meltdown

In simple terms, Meltdown and Spectre are simple vulnerabilities to understand. Imagine a gang of thieves waiting for a stage coach carrying a month's worth of payroll. There are two roads the coach could take, and a fork, or a branch, where the driver decides which one to take. The driver could take either one. What is the solution? Station robbers along both sides of the branch, and wait to see which one the driver chooses. more

A Year in Review: 14,000 Routing Incidents In 2017

How was the state of the Internet's routing system in 2017? Let's take a look back using data from BGPStream. Some highlights: 13,935 total incidents (either outages or attacks like route leaks and hijacks); Over 10% of all Autonomous Systems on the Internet were affected; 3,106 Autonomous Systems were a victim of at least one routing incident; 1,546 networks caused at least one incident. more

CircleID's Top 10 Posts of 2017

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. more

Meltdown and Spectre: Security is a Systems Property

I don't (and probably won't) have anything substantive to say about the technical details of the just-announced Meltdown and Spectre attacks. What I do want to stress is that these show, yet again, that security is a systems property: being secure requires that every component, including ones you've never heard of, be secure. These attacks depend on hardware features... and no, many computer programmers don't know what those are, either. more

A Digital 'Red Cross'

A look into the past reveals that continuous developments in weaponry technology have been the reason for arms control conventions and bans. The banning of the crossbow by Pope Urban II in 1096, because it threatened to change warfare in favour of poorer peasants, the banning of poisoned bullets in 1675 by the Strasbourg Agreement, and the Geneva protocol banning the use of biological and chemical weapons in 1925 after world war 1, all prove that significant technological developments have caused the world to agree not to use certain weapons. more

WHOIS: How Could I Have Been So Blind?

A colleague was recently commenting on an article by Michele Neylon "European Data Protection Authorities Send Clear Message to ICANN" citing the EU Data Commissioners of the Article 29 Working Party, the grouping a determinate factor In the impending death of WHOIS. He is on point when he said: What the European Data Protection authorities have not yet put together is that the protection of people's mental integrity on the Internet is not solely due to the action of law enforcement... more

Voluntary Reporting of Cybersecurity Incidents

One of the problems with trying to secure systems is the lack of knowledge in the community about what has or hasn't worked. I'm on record as calling for an analog to the National Transportation Safety Board: a government agency that investigates major outages and publishes the results. In the current, deregulatory political climate, though, that isn't going to happen. But how about a voluntary system? more

DDOS and the DNS

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? more

News Briefs

Oracle Launches Internet Intelligence Map Providing Insight Into the Impact of Internet Disruptions

FCC Accused of Intentionally Lying to Media Saying Net Neutrality Comment Flood Was Cyberattack

Newly Discovered Malware Called VPNFilter is Targeting at Least 500K Networking Devices Worldwide

EU Considers Integrating New Norms of Cyberwar Into Security Policies

Department of Homeland Security Issues More Warnings on Security Vulnerabilities in Medical Devices

New Type of DDoS Attack Targets Vulnerability in Universal Plug and Play Networking Protocol

Massachusetts School District Pays Hackers $10K in Bitcoin, Police Calls Case "Impossible" to Solve

World's Largest DDoS-for-Hire Service Taken Down in Major International Probe

DNS Server Hijacking Results in Funds Being Stolen from Popular Crypto Website, MyEtherWallet

2.6 Billion Records Were Stolen, Lost or Exposed Worldwide in 2017, an 88% Increase From 2016

Iran Among Countries Affected by a Cyberattack That Left U.S. Flag on Screens

Boeing Says WannaCry Outbreak 'Overstated and Inaccurate'

1.3 Tbps DDoS Attack Against GitHub is Largest Attack Seen to Date, Says Akamai

IPv6, 5G and Mesh Networks Heightening Law Enforcement Challenges, Says Australian Government

'First True' Native IPv6 DDoS Attack Reported

SEC Reinforces and Expands Its Cybersecurity Guidance for Public Companies

Report Estimates Cybercrime Taking $600 Billion Toll on Global Economy

Hackers Use Tesla's Amazon Cloud Account to Mine Cryptocurrency

Botnets Shift Focus to Credential Abuse, Says Latest Akamai Report

UK's Government Websites Infected by Cryptocurrency Mining Malware

Most Viewed

Most Commented

Industry Updates

Participants – Random Selection