Cyberattack

Cyberattack / Featured Blogs

Proceedings of Name Collisions Workshop Available

Keynote speaker, and noted security industry commentator, Bruce Schneier (Co3 Systems ) set the tone for the two days with a discussion on how humans name things and the shortcomings of computers in doing the same. Names require context, he observed, and "computers are really bad at this" because "everything defaults to global." Referring to the potential that new gTLDs could conflict with internal names in installed systems, he commented, "It would be great if we could go back 20 years and say 'Don't do that'," but concluded that policymakers have to work with DNS the way it is today. more»

Dynamic DNS Customers, Check Your Router Settings!

There have been quite a few news stories released over the last 24 hours regarding a wide-scale compromise of 300,00 Internet gateway devices. Here's the executive summary of what happened, how to check if you are vulnerable, and what you can do to fix it... If you use any of these devices, you should check it to ensure your device has not been compromised. more»

More Denial of Service Attacks

There are quite a lot of NTP-amplified denial of service attacks going around at the moment targeting tech and ecommerce companies, including some in the email space. What does NTP-amplifed mean? NTP is "Network Time Protocol" - it allows computers to set their clocks based on an accurate source, and keep them accurate. It's very widely used - OS X and Windows desktops typically use it by default, and most servers should have it running. more»

Extreme Vulnerability at the Edge of the Internet - A Fresh New Universal Human-Rights Problem

By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills - and the quality assurance budgets - that something the size of the Internet deserves. more»

Securing the Core

BGP. Border Gateway Protocol. The de-facto standard routing protocol of the Internet. The nervous system of the Internet. I don't think I can overstate the importance, the criticality of BGP to the operation of the modern Internet. BGP is the glue that holds the Internet together at its core. And like so many integral pieces of the Internet, it, too, is designed and built on the principle of trust... The folks who operate the individual networks that make up the Internet are generally interested in keeping the Internet operating, in keeping the packets flowing. And they do a great job, for the most part. more»

April 8 2014: A World Less Secure

Not long after the message that Microsoft will stop updating Windows XP from 8 April onwards, after extending it beyond the regular life cycle for over a year already, came the soothing message that malware will be monitored for another year. That may be good news to some, but the fact remains that this is not the same as patching. Remaining on XP leads to a vulnerable state of the desktop, lap top and any other machine running on XP; vulnerable to potential hacks, cyber crimes, becoming part of a botnet, etc. more»

W3C/IAB "Strengthening the Internet" Workshop: Deadline Monday to Submit Position Papers

How can the open standards organizations of the IETF and W3C "strengthen the Internet" against large-scale pervasive monitoring? That is the topic up for discussion at the "Strengthening the Internet Against Pervasive Monitoring (STRINT)" workshop planned for February 28 and March 1, 2014, and jointly sponsored by the Internet Architecture Board (IAB) and the W3C. The workshop is by invitation-only and has a deadline of Monday, January 20, 2014 (by 11:59 UTC) for submission of either position papers or Internet drafts. more»

Domain Name System (DNS) Security Should Be One of Your Priorities

Most people, even seasoned IT professionals, don't give DNS (the Domain Name System) the attention it deserves. As TCP/IP has become the dominant networking protocol, so has the use of DNS... Due to the reliability built into the fundamental RFC-based design of DNS, most IT professionals don't spend much time worrying about it. This can be a huge mistake! more»

Google's Project Shield May Actually Be A Double-Edged Sword

Google has received a lot of press regarding their Project Shield announcement at the Google Ideas Summit. The effort is being applauded as a milestone in social consciousness. While on the surface the endeavor appears admirable, the long-term impact of the service may manifest more than Google had hoped for. Project Shield is an invite-only service that combines Google's DDoS mitigation technology and Page Speed service... more»

Alleged Power Grab: Is Internet Governance Hanging by a Thread?

The Internet Governance Forum in Bali is not without excitement as usual. There is a rumour about a power grab by the technical community. If the "power grab" is true, then I am assuming that this is a response to threats of institutional frameworks governing or interfering with the current status quo. Personally, I feel that this is anti thesis to "enhanced cooperation". If for some reason, ICANN or the US Government is behind the scenes in instigating this move, then I would suggest that it is very bad strategy and will cause more damage than harm to the current status quo. more»