The Domain Name System, or DNS, has come a long way since its early days, and the constant expansion of consumer activity and security concerns has raised further awareness about the critical role of the DNS. However, as Yankee Group Research points out in a recent report, "there are more changes coming that are also raising the profile of DNS -- notably the move to cloud computing and the migration to IPv6." Suffice it to say this is "Not Your Father's DNS". The report, titled "DNS: Risk, Reward and Managed Services," takes a fresh look at today's state of the DNS and the pros and cons of in-house, ISP and managed service provider DNS management options.
Wout de Natris: "In this decision OPTA revokes the registration of Diginotar as a so-called Trusted Third Party. Diginotar issued certified certificates for digital signatures. The security breach by Iranian hackers over the summer, which Diginotar did not report to the authorities, led to severe credibility issues for all Diginotar certificates issued before. This included Dutch government websites, but also led to severe breaches of privacy for Iranian end users, in multiple countries. As a result of OPTA's decision all certificates issued by Diginotar have to be revoked, while at the same time she is forbidden to issue new ones."
Reported in Guardian: "Footage that appears to feature army-labelled software raises questions about China's denials of involvement in hacking. China's state broadcaster has screened footage that apparently shows army-labelled software for attacking US-based websites, security experts have said. Beijing has consistently denied being behind cyber-attacks, insisting it plays no part in hacking and is itself a victim."
New research indicates cyberattacks increasingly plague businesses and government organizations, resulting in significant financial impact, despite widespread awareness. Conducted by the Ponemon Institute, the Second Annual Cost of Cyber Crime Study revealed that the median annualized cost of cybercrime incurred by a benchmark sample of organizations was $5.9 million per year, with a range of $1.5 million to $36.5 million each year per organization. This represents an increase of 56 percent from the median cost reported in the inaugural study published in July 2010.
The U.S. Department of Transportation (USDOT), Research and Innovative Technology Administration (RITA) and Volpe National Transportation Systems Center (Volpe Center), today released a Request for Information (RFI) seeking to obtain informed views on the "perceived needs, prevailing practices, and lessons learned concerning the cybersecurity and safety of safety-critical electronic control systems used in various modes of transportation and other industry sectors."
Paul Roberts reporting in threatpost: "Stuxnet may have been a super sophisticated cyber weapon deployed by state actors, but future generations of the malware will be available to run-of-the-mill script kiddies, a noted expert on security and industrial control systems has warned in a letter to the U.S. Congress ten months ago. Ralph Langner, the UK-based security consultant, released a copy of a confidential letter addressed to a member of the U.S. House of Representatives."
Web applications, on average, experience twenty-seven attacks per hour, or roughly one attack every two minutes, according to the newly released Imperva Web Application Attack Report. The report also notes that when websites came under automated attack they received up to 25,000 attacks in one hour, or 7 attacks every second.
The United States and India signed a Memorandum of Understanding (MOU) today to promote closer cooperation and the timely exchange of information between the organizations of their respective governments responsible for cybersecurity, according to U.S. Department of Homeland Security. "The MOU was signed in New Delhi by Jane Holl Lute, Deputy Secretary for the U.S. Department of Homeland Security (DHS) and R. Chandrashekhar, Secretary, India Department of Information Technology."
Brian Krebs reporting in Krebs on Security: "Federal banking regulators today released a long-awaited supplement to the 2005 guidelines that describe what banks should be doing to protect e-banking customers from hackers and account takeovers. Experts called the updated guidance a step forward, but were divided over whether it would be adequate to protect small to mid-sized businesses against today's sophisticated online attackers. The new guidance updates "Authentication in an Internet Banking Environment," a document released in 2005 by the Federal Financial Institutions Examination Council (FFIEC) for use by bank security examiners."
A project named S-GPS, or Spammer Global Positioning System, by Microsoft researchers uses spammer identification rather than spam identification to identify zombie-based spammers.
ICANN and internet exchange firm Packet Clearing House (PCH) have joined forces with Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) to launch the first of three facilities designed to boost the adoption of Domain Name System Security (DNSSEC) among country code Top-Level Domains (ccTLDs). The three new facilities, located in Singapore; Zurich, Switzerland (still under construction) and San Jose, California, provide cryptographic security using the recently deployed DNSSEC protocol.
The Pentagon is about to roll out an expanded effort to safeguard its contractors from hackers and is building a virtual firing range in cyberspace to test new technologies, according to officials familiar with the plans, as a recent wave of cyber attacks boosts concerns about U.S. vulnerability to digital warfare. The twin efforts show how President Barack Obama's administration is racing on multiple fronts to plug the holes in U.S. cyber defenses...
China must boost its cyber-warfare strength to counter a Pentagon push, the country's top military newspaper said on Thursday after weeks of friction over accusations that Beijing may have launched a string of Internet hacking attacks. The accusations against China have centered on an intrusion into the security networks of Lockheed Martin Corp and other U.S. military contractors...
Maria Aspan reporting in Reuters: "Major U.S. banks came under growing pressure from banking regulators to improve the security of customer account information after Citigroup Inc became the latest high-profile victim of a large-scale cyber attack. ... The third-largest U.S. bank waited more than a month before making the full extent of the breach public, drawing criticism on Thursday from lawmakers and lawyers."
Chris Buckley reporting in Reuters: "The tough warning appeared in the overseas edition of the People's Daily, the leading newspaper of China's ruling Communist Party, indicating that political tensions between the United States and China over Internet security could linger. Last week, Google said it had broken up an effort to steal the passwords of hundreds of Google email account holders, including U.S. government officials, Chinese human rights advocates and journalists. It said the attacks appeared to come from China..."