Cybercrime

Sponsored
by

Noteworthy

Domain Research and Monitoring: Keeping an Eye on the Web for You

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Cybercrime / Most Commented

CADNA Launches National Campaign Against Typosquatting

The Coalition Against Domain Name Abuse (CADNA), a non-profit organization based in Washington D.C., is confronting 'cybersquatting', or as defined in the report today, the fraudulent abuse of domain name registration that threatens the future viability of Internet commerce. From today's release: "To effectively combat cybersquatting, CADNA will work at the federal and international levels to make these fraudulent practices difficult to establish and unprofitable to maintain. Among the coalition's goals are to pursue congressional legislation that would increase the statutory damages set forth by the existing Anti-Cybersquatting Consumer Protection Act..." more

WIPO Crowing Again About "Cybersquatting"

Most of us would be put off if a court issued a press release cheering the number of prisoners its judges had put behind bars or the number of tenants it had helped landlords to evict. That seems antithetical to the neutral adjudication of disputes, and ethical rules regularly decry such "appearance of bias." Yet WIPO seems to think it perfectly natural to crow about its arbitrators' favoritism for complainants against "cybersquatters" in UDRP proceedings. It issued a release that reads like a solicitation for trademark claimants' business, not a promotion of neutral arbitration services... more

What's Wrong with Domain Names?

Despite the significant traffic that comes from typed-in domain names, the public harumphing and clucking about type-in traffic is climbing in volume as it becomes clear how much money is involved. Articles this week show that domain names, and the people who make money on them, are making some commentators uncomfortable. more

Time to Play Offense

The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more

Thoughts About "Protection Against BIND"

Imagine my surprise upon reading a BBC article which identified ISC BIND as the top security vulnerability to UNIX systems. At ISC, we have striven for a decade to repair BIND's reputation, and by all accounts we have made great progress. "What could this be about," I wondered, as I scanned the BBC article for more details. It turns out that BBC was merely parroting what it had been told by SANS. OK, let's see what SANS has to say... more

Preliminary Thoughts on the Equifax Hack

As you've undoubtedly heard, the Equifax credit reporting agency was hit by a major attack, exposing the personal data of 143 million Americans and many more people in other countries. There's been a lot of discussion of liability; as of a few days ago, at least 25 lawsuits had been filed, with the state of Massachusetts preparing its own suit. It's certainly too soon to draw any firm conclusions... but there are a number of interesting things we can glean from Equifax's latest statement. more

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more

EFF's Emerging Alignment With Offshore Internet Pharmacies

The last few years have been challenging ones for members of the Canadian International Pharmacy Association. First, in 2010, they lost their ability to advertise in the US search space after the US Department of Justice noted that many seemingly "Canadian" pharmacy websites "sell drugs obtained from countries other than Canada" when shipping medicines into the US, and major search advertising programs tightened their policies, effectively excluding CIPA's members from advertising in the US. more

Narcotics Traffic Is Not Part of a Healthy Domain System

A stack contrast is emerging within the DNS between providers who tolerate blatantly illegal domain use and those who do not. Our study, just published here focuses on five U.S.-based providers, their policies, and their response to reports of opioid traffic within their registry or registrar. There are many providers, not covered here, who removed hundreds of domains selling opioids and I applaud their efforts. more

Asking a Better Question to Uncloak the Online Copyright Debate

The proverbial Pandora's box that is opened whenever the topic of online copyright infringement is raised throws into sharp relief a host of challenges that have confounded policy makers, internet service providers and consumers for many years. Chief amongst them is how to strike an appropriate balance between protecting the rights of content owners while continuing to promote the interests of the public and preserving the benefits of the internet, given its unprecedented ability to facilitate the rapid dissemination of copyrighted content. more

Accountability, Transparency, and… Consistency?

ICANN Compliance now has two conflicting answers on record concerning the enforceability of RAA 378 on WHOIS inaccuracy. This is a topic of extreme importance and one we are trying to get to the bottom of. ...inconsistency needs to be resolved as it directly impacts the current RAA negotiations and certainly before new gTLDs are deployed. more

Alignment of Interests in DNS Blocking

I've written recently about a general purpose method called DNS Response Policy Zones (DNS RPZ) for publishing and consuming DNS reputation data to enable a market between security companies who can do the research necessary to find out where the Internet's bad stuff is and network operators who don't want their users to be victims of that bad stuff... During an extensive walking tour of the US Capitol last week to discuss a technical whitepaper with members of both parties and both houses of the legislature, I was asked several times why the DNS RPZ technology would not work for implementing something like PROTECT-IP. more

Independence and Security Online Have Not Yet Been Won

As we, here in the United States celebrate our independence this Fourth of July, we are reminded that the liberties and freedoms that come with that independence have yet to be won online. As citizens of this country we are blessed with safety and security from threats both foreign and domestic, but those guarantees have not yet extended to our citizenship in the global Internet community. This is true not just for American citizens, but for all Internet users throughout the world. more

Garth Bruen Discussing Whois, DNSSEC and Domain Security

NameSmash has interviewed Garth Bruen, Internet security expert and creator of Knujon, on some key issues under discussion during the recent ICANN meetings in San Francisco. Topics include Whois, DNS Security Extensions (DNSSEC) and generic Top-Level Domains (gTLDs) -- issues of critical importance particularly with ICANN's expected roll-out of thousands of new gTLDs in the coming years. more

Should a Domain Name Registrar Run from a PO Box?

In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location. The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. more

Industry Updates

Alleviating the Constant Clash Between DevSecOps and DevOps Teams

Moving from the Castle-and-Moat to the Zero-Trust Model

Why IT Security and DevOps Teams Are Often at Odds

Mitigation and Remediation: Where Threat Intelligence Fits In

4 Cybersecurity Jobs Created in Response to Evolving Threats

Cloud and IaaS DLP Woes: Is Additional Threat Intelligence a Solution?

Carpet-Bombing Attacks: A Rising Threat to ISPs

How Threat Intelligence Prevents Nameserver Takeovers and Their Far-Reaching Damage

Can Network and Threat Data Correlation Improve SIEM Solutions?

Information Rights Management or User Access Management, Which One Is Better?

Can Security Operations Centers (SOC) Benefit from Third-Party Threat Intelligence?

4 Challenges in Digital Rights Management to Reflect On

The More Threat Intelligence Integrated Into Security Solutions, the Better?

How to Stay Safe Against DNS-Based Attacks

More than Ever: Why Organizations Need Proactive Defense in 2019