Cybersecurity

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

June 8 Deadline for Survey on Recommendations for Future of the Internet

What do you think must be done to ensure the development of an open, trusted, accessible, and global Internet in the future? As part of the Internet Society's "Internet Futures" project, we'd like your input on recommendations for Internet leaders and policy makers. For more background, please read "Help Shape the Future of the Internet" by my colleague Constance Bommelaer, or browse through the Internet Futures pages. more»

Good Samaritans with Network Visibility

In a big open office 30 feet from me, a team of US Veterans speak intently on the phone to businesses large and small, issuing urgent warnings of specific cyber security threats. They call to get stubborn, confused people to take down hidden ransomware distribution sites. They call with bad news that a specific computer at the business has malware that steals login credentials. more»

Conventional Thinking Won't Work in New Era of ISIS & 'Unprecedented' Cyber & Non-Cyber Attacks

Conventional thinking or solutions will no longer work in the new era of ISIS and the 'Unprecedented' cyber and non-cyber attacks we live in today. Like it or not, everyone is impacted, and no one is immune. Whether you are an average citizen, a chairman or CEO of a multinational, or a government or academic institution leader, the questions to ponder are: Do you know what to do next? Do you know what the solution is? more»

Security Costs Money. So - Who Pays?

Computer security costs money. It costs more to develop secure software, and there's an ongoing maintenance cost to patch the remaining holes. Spending more time and money up front will likely result in lesser maintenance costs going forward, but too few companies do that. Besides, even very secure operating systems like Windows 10 and iOS have had security problems and hence require patching. (I just installed iOS 10.3.2 on my phone. It fixed about two dozen security holes.) more»

WannaCry: Patching Dilemma from the Other Side

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma. more»

It's Up to Each of Us: Why I WannaCry for Collaboration

WannaCry, or WannaCrypt, is one of the many names of the piece of ransomware that impacted the Internet last week, and will likely continue to make the rounds this week. There are a number of takeaways and lessons to learn from the far-reaching attack that we witnessed. Let me tie those to voluntary cooperation and collaboration which together represent the foundation for the Internet's development. more»

The Criminals Behind WannaCry

359,000 computers infected, dozens of nations affected world-wide! A worm exploiting a Windows OS vulnerability that looks to the network for more computers to infect! This is the most pernicious, evil, dangerous attack, ever... Queue the gnashing of teeth and hand-wringing! Wait, what? WannaCry isn't unprecedented! Why would any professional in the field think so? I'm talking about Code Red, and it happened in July, 2001. more»

8 Reasons Why Cybersecurity Strategy and Business Operations are Inseparable

In modern society, there is one fact that is unquestionable: The hyper-connectivity of the digital economy is inescapable. A financial institution without an online presence or omni-channel strategy will cease to be competitive. Universities (for-profit or non-profit) must develop and continuously evolve their online learning capabilities if they are to stay relevant. Online retailers are quickly outpacing and rendering their 'brick-and-mortar' counterparts irrelevant. more»

Patching is Hard

There are many news reports of a ransomware worm. Much of the National Health Service in the UK has been hit; so has FedEx. The patch for the flaw exploited by this malware has been out for a while, but many companies haven't installed it. Naturally, this has prompted a lot of victim-blaming: they should have patched their systems. Yes, they should have, but many didn't. Why not? Because patching is very hard and very risk, and the more complex your systems are, the harder and riskier it is. more»

Would You Like Your Private Information to be Available on a VHS or Betamax Tape?

When I was a young child growing up in the late 1980s, my parents were lucky enough to be able to afford to have both a VHS-tape video-recorder in the living room and a Betamax tape recorder in their bedroom. This effectively meant that to me, the great video format wars weren't a decade-defining clash of technologies, but rather they consisted mainly of answering the question "in which room can I watch my favorite cartoons?". more»

In Response to Offensive Destruction of Attack Assets

It is certainly true that DDoS and hacking are on the rise; there have been a number of critical hacks in the last few years, including apparent attempts to alter the outcome of elections. The reaction has been a rising tide of fear, and an ever increasing desire to "do something." The something that seems to be emerging is, however, not necessarily the best possible "something." Specifically, governments are now talking about attempting to "wipe out" the equipment used in attacks. more»

IoT Devices Will Never Be Secure - Enter the Programmable Networks

Harvard Business Review just ran an interesting article on the information security aspects of Internet of Things (IoT). Based on the storyline, the smart city initiatives are doomed to fail unless the security of the IoT devices and the systems will be improved. While security of the digital society is obviously a key concern, I am not entirely convinced that relying on the security of individual devices and systems is the best course of action. more»

Call for Participation - DNSSEC Workshop at ICANN 59 in Johannesburg

Do you have ideas about DNSSEC or DANE that you would like to share with the wider community? Have you created a new tool or service? Have you found a way to use DNSSEC to secure some other service? Do you have new statistics about the growth or usage of DNSSEC, DANE or other related technology? If so, and if you will be in Johannesburg, South Africa, for ICANN 59 in June 2017 (or can get there), please consider submitting a proposal to speak at the ICANN 59 DNSSEC Workshop! more»

Jakarta Declaration Calls on Governments to Recognize Legitimacy of Encryption

Today in Indonesia, media leaders gathered at UNESCO's World Press Freedom Day event issued the "Jakarta Declaration" calling on governments of the world to recognize the importance of a free and independent media in creating "peaceful, just and inclusive societies". The declaration calls on governments to take steps to support the freedom of the press, and, in the midst of the many actions was this statement: Recognise the legitimacy of the use of encryption and anonymisation technologies more»

New Chapter Working Groups Open Closed Doors

One thing was clear from a recent presentation by the new leaders of the SF-Bay Internet Society (ISOC) Chapter Working Groups: inclusion and collaboration will be the key to these groups' success. As Dr. Brandie Nonnecke, the Internet Governance Working Group (WG) Chair said, "We haven't yet cracked the code on what 'multistakeholder' means." But that won't stop her and Dr. Jaclyn Kerr, the Data Protection, Privacy, and Security WG Chair, from trying. more»

News Briefs

Cisco Introduces Intent-Based Network That Can Learn, Adapt and Mitigate Threats

Data on Nearly 200 Million Potential Voters in U.S. Found Fully Exposed

Chinese Scientists Have Built First Quantum Network With No Danger of Being Decrypted

FBI, DHS Release Technical Details on North Korea’s DDoS Botnet Infrastructure

Microsoft Releases Patches to Fix Close to a Hundred Flaws, Including for Unsupported Windows XP

Major Flaw Found in WannaCry Raises Questions on Whether it was Really a Ransomware

Canadian Internet Registration Authority Launches Cloud-Based DNS Firewall Service

NTIA Issues RFC, Asks for Input on Dealing With Botnets and DDoS Attacks

Major Regulatory Changes Needed as Safety and Security Merge, Warns European Commission Report

China's New Cybersecurity Law Will Be in Effect Starting Thursday

Emergency Patch Issued for Samba, WannaCry-type Bug Exploitable with One Line of Code

Bell Canada Discloses Loss of 1.9 Million Email Addresses to Hacker, Says No Relation to WannaCry

WikiLeaks Releases CIA Malware Implants Called Assassin and AfterMidnight

WannaCry Ransomware Cyberattack Spreading to Countries Across the World, 45K Attacks Reported So Far

Trump Signs Cybersecurity Executive Order, Experts Weigh in on the New Draft

FCC Reports Site Attacked Over Net Neutrality Comments, Senators Seek Evidence

French Presidential Candidate Confirms Massive Hack, Emails Dumped Online Two Days Before Election

Germany Investigating Legal Grounds to Destroy Servers Used to Carry Out Cyberattacks

NSA to Stop Collecting American Emails To and From Overseas

A Report on Cyber Espionage Activities of Pawn Storm Over the Past Two Years

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Verisign has qualified for the Online Trust Alliance's (OTA) 2017 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fifth consecutive year that Verisign has received this honor. ›››

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Verisign has released its latest DDoS Trends Report for the first quarter of this year representing a unique view into the attack trends unfolding online. ›››

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign has just released Q4 2016 DDoS Trends Report providing a unique view into the attack trends unfolding online through observations and insights derived from distributed denial of service (DDoS) attack mitigations, enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign iDefense Intelligence Services. ›››

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

Verisign has released its Q3 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Defending Against Layer 7 DDoS Attacks

Layer 7 attacks are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify. Verisign's recent trends show that DDoS attacks are becoming more sophisticated and complex, including an increase in application layer attacks. ›››

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Verisign today released its Q2 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services, and research conducted by Verisign iDefense Security Intelligence Services. ›››

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign is pleased to announce that it has qualified for the Online Trust Alliance's (OTA) 2016 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. ›››

Industry Updates

Participants – Random Selection