Cyberattack

Cyberattack / Featured Blogs

Spam Fighting: Lessons from Jack Bauer?

Jan 12, 2009

As I blogged about several months ago, as did numerous other anti-spam bloggers, David Ritz was sued by Jeffrey Reynolds and a judge in North Dakota agreed with Reynolds. At the heart of the case was that Ritz engaged in anti-spam activities using techniques known only to a small subset of advanced computer users, and used these techniques maliciously against Reynolds... Back in the olden days of spam fighting, some anti-spammers used to use malicious techniques against spammers in order to shut them down... more

Reply-All Creates a DDoS Attack?

Jan 12, 2009

One can read in an Associated Press article that the US State Department have their email system bogged down due to too many people use the Reply-All function in their email client. IT Departments have asked people to not use Reply-All and also threaten with disciplinary action. To me, that is the wrong path forward. more

CircleID’s Top 10 Posts of 2008

Jan 01, 2009

Here is a list of the most viewed news and blog postings that were featured on CircleID in 2008... Best wishes for 2009 and Happy New Year from all of us here at CircleID. more

The Report on “Securing Cyberspace for the 44th Presidency”

Dec 15, 2008

A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more

Why DNS is Broken, in Plain English

Nov 14, 2008

At ICANN's meeting in Egypt last week, I had the opportunity to try and explain to various non-technical audiences why the Domain Name System (DNS) is vulnerable to attack, and why that is important, without needing a computer science degree to understand it. Here is the summary. more

The Harsh Reality of Spam and Online Security… Should I Stay or Should I Go?

Nov 13, 2008

Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more

Toxic Information

Oct 19, 2008

U.S. intelligence officials are increasingly worried that hackers could wreak havoc on the financial system. Read the story here in National Journal. Not that we need it, but here's yet another reason to worry about havoc in financial markets: U.S. intelligence officials increasingly fear that computer hackers could wreck banks and large financial institutions, or send stock markets into one more panicked frenzy, by covertly manipulating data and spreading false information. more

Time for Self Reflection

Oct 05, 2008

In case you don't read any of what I have to say below, read this: I have dual citizenship. Along with my homeland citizenship, I am of the Internet, and see it as my personal duty to try and make the Internet safe. Atrivo (also known as Intercage), is a network known to host criminal activity for many years, is no more. Not being sarcastic for once, this is the time for some self reflection. more

Estonian Cyber Security Strategy Document: Translated and Public

Sep 23, 2008

The Estonians have a public version of their cyber security strategy translated into English (currently available offline only). The concept of a national strategy for cyber security is one which I am particularly fond of... The following is the Summary section from the document which might be of interest... more

Caring About Cybersecurity or Preparing the Ground for an I-Patriot Act?

Sep 11, 2008

Few months ago in a talk given at the Institution of Engineering and Technology organised here in London by the Society for Computers and Law, Professor Lessig recounted a conversation he had with former US Counter Terrorism Czar Richard Clarke, where Larry asked the question that many had in mind... how the US Government managed to conceptualize, design and draft a piece of legislation as vast and complex as the USA PATRIOT Act in such a short period of time (a month and 15 days after 9/11), and the answer was what many people had imagined... more

Industry Updates

Digging Deep to Examine the Roots of the Glupteba UEFI Bootkit

Hunting for TimbreStealer Malware Artifacts in the DNS

Uncovering Suspicious Download Pages Linked to App Installer Abuse

On the DNS Trail of the Rise of macOS Backdoors

Checking Out the DNS for More Signs of ResumeLooters

WhoisXML API Publishes a New Study of 7 APT Groups That Have Targeted North America

Searching for Potential Propaganda Vehicle Presence in the DNS

Following the VexTrio DNS Trail

DarkGate RAT Comes into the DNS Spotlight

Tracing Ivanti Zero-Day Exploitation IoCs in the DNS

The New RisePro Version in the DNS Spotlight

Tracking Down Sea Turtle IoCs in the DNS Ocean

Tracing the DNS Spills of the OilRig Cyber Espionage Group

Uncloaking the Underbelly of JinxLoader

Examining the Mirai.TBOT IoCs under the DNS Microscope

View More