We're learning this week that we have officially passed the one billion number in terms of people using the Internet. Eric Schonfeld writes in his article on TechCrunch that the number is probably higher than that. One billion is a staggering number, even though it makes up only 15 to 22 percent of the world's population. Nevertheless, those one billion Internet users give us a lot to deal with on their own in terms of social and security issues on the web. more
Continued exploitation of the financial crisis to scam users with fake financial transactions services, fake investment firms, and fake legal services is the top trend to emerge for 2009 according threat predictions by McAfee. "Computer users face a dangerous one-two punch today," said Jeff Green, senior vice president of McAfee Avert Labs, McAfee's research group. "The current economic crisis is delivering a blow to our financial well-being, while malware authors are taking advantage of our distraction to deliver a roundhouse strike." more
Amidst all the recent reports of data breaches, Gunter Ollmann of IBM Internet Security Systems, has reported today about one particular case which may be the largest data breach to date. Ollmann wirtes: "The media has been full of analysis concerning data breaches over the last couple of weeks, mostly related to the uptick in 2008 reports. While much of this increase can be accounted for by the wider adoption of state legislation that mandates companies to publicly disclose their data breaches, I think it is worth pointing out today's latest disclosure -- which is quite probably the largest breach ever." more
Security researchers have identified a new phishing attack method designed to trick users into surrendering confidential information after they have logged on to an online banking, brokerage, or other sensitive website. The technique, called In Session Phishing, can be used to inject into all major browsers legitimate looking Pop Up messages using malicious JavaScript that request passwords, account numbers, etc., on behalf of the trusted website. more
Admittedly, I'm a not Johnny-come-lately with regards to surveillance, intelligence, telecommunications, network security, law enforcement, and a cross-pollination of all-of-the-above. I actually have a very colorful background of working within all of the aforementioned disciplines - at one time or another - either through the U.S. Military, U.S Government contractors, private industry, etc. ... And unfortunately, I am not generally "shocked" very often by much of the abuses being perpetrated on unwitting Internet users, both by supposedly "trusted" entities (e.g. Democratic Governments, ISPs, etc.) more
Here is a list of the most viewed news and blog postings that were featured on CircleID in 2008... Best wishes for 2009 and Happy New Year from all of us here at CircleID. more
In a 52 page security report released by Cisco, the company has confirmed what has been consistently been observed through out this year: "the Internet-based attacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers." The 2008 edition of the report has specified the year's top security threats and offers recommendations for protecting networks against attacks that are propagating more rapidly, becoming increasingly difficult to detect, and exploiting technological and human vulnerabilities. more
A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more
The latest issue of Policy Review from the Hoover Institution, a public policy research center -- focused on advanced study of politics, economics, and political economy -- has an essay titled eWMDs – electronic weapons of mass destruction. The Policiy Review readers are warned that botnets should be considered a serious security problem and that "cyber attacks present a grave new security vulnerability for all nations and must be urgently addressed." more
The recent Facebook case has placed the spotlight on Canada's ongoing failure to address its spam problem by introducing long overdue anti-spam legislation. The fact that organizations are forced to use U.S. courts and laws to deal with Canadian spammers points to an inconvenient truth – Canadian anti-spam laws are woefully inadequate and we are rapidly emerging as a haven for spammers eager exploit the weak legal framework. more
According to news reports, part of the EU's cybercrime strategy is "remote search" of suspects' computers. I'm not 100% certain what that means, but likely guesses are alarming. The most obvious interpretation is also the most alarming: that some police officer will have the right and the ability to peruse people's computers from his or her desktop. How, precisely, is this to be done? Will Microsoft and Apple – and Ubuntu and Red Hat and all the BSDs and everyone else who ships systems – have to build back doors into all operating systems? more
Credit card information is the most advertised category of goods and services on the underground economy accounting for 31 percent of the total, according to recent data found by security experts. In a report released today by Symantec, stolen credit card numbers are reported to sell for as little as $0.10 to $25 per card with the average advertised stolen credit card limit at more than $4,000. According to calculations, the potential worth of all credit cards advertised during the reporting period was $5.3 billion. more
In the midst of the election season, Congress passed a plethora of Internet related laws. Most involved child protection. One involved webcaster protection. Wasting no time, the impact of the new laws is already being felt through federal agency implementation. On Friday, the National Telecommunications and Information Administration (NTIA) in the Department of Commerce released the following notice... more
A Court of Appeals in Kentucky has granted a motion to delay a forfeiture hearing that will determine the fate of 141 domain names related to online gambling and poker sites. The Interactive Media Entertainment and Gaming Association (iMEGA), an Internet trade association based in Washington, D.C., asked the three-panel appeals courts to grant a stay so that the appeals court could consider iMEGA's petition to have the lower court seizure ruling overturned. more
Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more
A World-Renowned Source for Internet Developments. Serving Since 2002.