Cybercrime

Blogs

A Bad Year for Phishing

Here at the Anti-Phishing Working Group meeting in Hong Kong, we've just released the latest APWG Global Phishing Survey. Produced by myself and my research partner Rod Rasmussen of Internet Identity, it's an in-depth look at the global phishing problem in the second half of 2013. Overall, the picture isn't pretty. There were at least 115,565 unique phishing attacks worldwide during the period. This is one of the highest semi-annual totals we've observed since we began our studies in 2007. more»

Dynamic DNS Customers, Check Your Router Settings!

There have been quite a few news stories released over the last 24 hours regarding a wide-scale compromise of 300,00 Internet gateway devices. Here's the executive summary of what happened, how to check if you are vulnerable, and what you can do to fix it... If you use any of these devices, you should check it to ensure your device has not been compromised. more»

Mind the Step(-function): Are We Really Less Secure Than We Were a Year Ago?

In January 1995, the RFC Editor published RFC 1752: "The Recommendation for the IP Next Generation Protocol"... The Internet is a security officer's nightmare -- so much openness, so easy to capture packet traffic (and/or spoof it!) and send all manner of unwanted traffic. It was built as a research network, hosted by institutes that were 1/ professionally responsible and 2/ interested in working together collegially. So, in the 19 years since the publication of that statement, have we really failed to address the stated goal? more»

Extreme Vulnerability at the Edge of the Internet - A Fresh New Universal Human-Rights Problem

By design, the Internet core is stupid, and the edge is smart. This design decision has enabled the Internet's wildcat growth, since without complexity the core can grow at the speed of demand. On the downside, the decision to put all smartness at the edge means we're at the mercy of scale when it comes to the quality of the Internet's aggregate traffic load. Not all device and software builders have the skills - and the quality assurance budgets - that something the size of the Internet deserves. more»

April 8 2014: A World Less Secure

Not long after the message that Microsoft will stop updating Windows XP from 8 April onwards, after extending it beyond the regular life cycle for over a year already, came the soothing message that malware will be monitored for another year. That may be good news to some, but the fact remains that this is not the same as patching. Remaining on XP leads to a vulnerable state of the desktop, lap top and any other machine running on XP; vulnerable to potential hacks, cyber crimes, becoming part of a botnet, etc. more»

CircleID's Top 10 Posts of 2013

Here we are with CircleID's annual roundup of top ten most popular posts featured during 2013 (based on overall readership). Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2014. more»

Canada's Anti-Spam Law Coming Into Force July 01, 2014

Canada's Anti-Spam Law, CASL, is now a done deal. Last Thursday, Treasury Board of Canada President (and champion of CASL) Tony Clement approved Industry Canada regulations in their final form. Today, Minister of Industry the Honourable James Moore announced CASL will come into force in July 1, 2014. more»

2014 M3AAWG Mary Litynski Award Nominations Now Being Accepted

In 2010 the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) and the Internet industry as a whole lost a great friend and supporter, Mary Litynski. Her dedication, excellence, perseverance and tireless work behind the scenes of M3AAWG helped make the organization the success that it is today. Through this award, M3AAWG seeks to bring attention to the remarkable work that is done far from the public eye over a significant period of time... more»

LAC, the DNS, and the Importance of Comunidad

The 1st Latin American & Caribbean DNS Forum was held on 15 November 2013, before the start of the ICANN Buenos Aires meeting. Coordinated by many of the region's leading technological development and capacity building organizations, the day long event explored the opportunities and challenges for Latin America brought on by changes in the Internet landscape, including the introduction of new gTLDs such as .LAT, .NGO and others. more»

Alleged Power Grab: Is Internet Governance Hanging by a Thread?

The Internet Governance Forum in Bali is not without excitement as usual. There is a rumour about a power grab by the technical community. If the "power grab" is true, then I am assuming that this is a response to threats of institutional frameworks governing or interfering with the current status quo. Personally, I feel that this is anti thesis to "enhanced cooperation". If for some reason, ICANN or the US Government is behind the scenes in instigating this move, then I would suggest that it is very bad strategy and will cause more damage than harm to the current status quo. more»

The Big Bad Internet

I often think there are only two types of stories about the Internet. One is a continuing story of prodigious technology that continues to shrink in physical size and at the same time continue to dazzle and amaze us... The other is a darker evolving story of the associated vulnerabilities of this technology where we've seen "hacking" turn into organised crime and from there into a scale of sophistication that is sometimes termed "cyber warfare". And in this same darker theme one could add the current set of stories about various forms of state sponsored surveillance and espionage on the net. more»

Filtering the Internet Is Still a Bad Idea: DCA, ABC, and Steroid Searches

A few days ago, ABC News ran an "investigative" piece called "Group Probes Ease and Danger of Buying Steroids Online." ABC describes the "group" at issue as "an online watchdog," the Digital Citizens Alliance. That group determined that some of the millions of available YouTube videos encourage steroid use and that YouTube (which is owned by Google) places ads next to steroid-related videos and search results. They argue that Google and YouTube should be held legally responsible for any illegal content linked or posted. more»

In Which We Consider the Meaning of 'Authorized': GIVAUDAN FRAGRANCES CORPORATION v. Krivda

What does authorized access mean? If an employee with authorized access to a computer system goes into that system, downloads company secrets, and hands that information over to the company's competitor, did that alleged misappropriation of company information constitute unauthorized access? This is no small question. If the access is unauthorized, the employee potentially violated the Computer Fraud and Abuse Act (CFAA) (the CFAA contains both criminal and civil causes of action). But courts get uncomfortable here. more»

Domain Name Registrar Allows Completely Blank WHOIS

In a very casual and low-key footnote over the weekend, ICANN announced it would be further bypassing the Affirmation of Commitments and ignoring the WHOIS Review Team Report. There will be no enhanced validation or verification of WHOIS because unidentified people citing unknown statistics have said it would be too expensive... As a topic which has burned untold hours of community debate and development, the vague minimalist statement dismisses every ounce of work put in by stakeholders. more»

NJ Content Liability Law Ruled Inconsistent with Sec. 230 (just like in Washington and Tennesse)

Back in a time before most members of Congress or prosecutors knew that there was an Internet, there was Prodigy. Prodigy, as part of its service, ran family-friendly chat rooms that it moderated in an effort to keep kids protected from unfortunate content. In a different Prodigy chat room, some unknown third party said something apparently bad about an investment firm Stratton-Oakmont. Stratton-Oakmont didn't like that very much, and sued. more»

News Briefs

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

DDoS Awareness Day - Oct 23, Register Today for Live Virtual Event

Close to a Quarter of ZeroAccess Botnet Disabled, Reports Symantec

Arrest Made in Connection to Spamhaus DDoS Case

China and the United States Agree on Forming Joint Cybersecurity Working Group

ICANN Releases Guideline for Coordinated Vulnerability Disclosure Reporting

Obama Signs Cybersecurity Executive Order

M3AAWG, London Action Plan Release Best Practices to Address Online and Mobile Threats

The Tale of Thousands of Hacked Modems in Brazil, Affecting Millions

Cyber and Telecommunications Defence One of the Fastest Growing Industries in the World

Eugene Kaspersky: World Needs International Agreements On Cyber-Weapons

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

Microsoft and Financial Services Groups Disrupt Zeus Botnet Servers

FCC Releases New U.S. Anti-Bot Code

NATO Announces 58 Million Euro Investment in Cyber Defence

Study Links Half of "Rogue" Online Pharmacies to Two Domain Name Registrars

No New Cybersecurity Regulations Needed, ISPs Tell U.S. Lawmakers

DNSChanger Trojan Still Running on Half of Fortune 500s, US Govt

Public-Private Cooperation Policy for Cyber Security Suggested by Commissioner Kroes

Japan Developing Distinctive Anti-Cyberattack Virus

Most Viewed

Most Commented

Taking Back the DNS

Domain Tasting Target of US Federal Cybersquatting Lawsuit

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Industry Updates

Participants – Random Selection