Cybersecurity

 Sponsored
by

Cybersecurity / Featured Blogs

The Report on “Securing Cyberspace for the 44th Presidency”

Dec 15, 2008

A report "Securing Cyberspace for the 44th Presidency" has just been released. While I don't agree with everything it says (and in fact I strongly disagree with some parts of it), I regard it as required reading for anyone interested in cybersecurity and public policy. The analysis of the threat environment is, in my opinion, superb; I don't think I've seen it explicated better. Briefly, the US is facing threats at all levels, from individual cybercriminals to actions perpetrated by nation-states. The report pulls no punches... more

Cybercrime and “Remote Search”

Dec 03, 2008

According to news reports, part of the EU's cybercrime strategy is "remote search" of suspects' computers. I'm not 100% certain what that means, but likely guesses are alarming. The most obvious interpretation is also the most alarming: that some police officer will have the right and the ability to peruse people's computers from his or her desktop. How, precisely, is this to be done? Will Microsoft and Apple – and Ubuntu and Red Hat and all the BSDs and everyone else who ships systems – have to build back doors into all operating systems? more

Why DNS is Broken, in Plain English

Nov 14, 2008

At ICANN's meeting in Egypt last week, I had the opportunity to try and explain to various non-technical audiences why the Domain Name System (DNS) is vulnerable to attack, and why that is important, without needing a computer science degree to understand it. Here is the summary. more

The Harsh Reality of Spam and Online Security… Should I Stay or Should I Go?

Nov 13, 2008

Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more

Proposal for Signing the DNSSEC Root

Nov 13, 2008

The U.S. National Telecommunications and Information Administration (NTIA) is soliciting comments on signing the DNSSEC root. Ignore the caption on the page: this is not about DNSSEC deployment, which is already happening just fine. It's about who gets to sign the root zone. more

More on ‘Researchers Hijack Storm Worm to Track Profits’

Nov 10, 2008

Always good for information on the spam economy, Brian Krebs of the Washington Post has just published a truly fascinating article: Researchers Hijack Storm Worm to Track Profits. Bottom line: a one-in-twelve-million conversion rate of spam to sales seems to be enough to keep the spam economy going. The article covers a project by researchers at UC San Diego and UC Berkeley, who managed to infiltrate the Storm Worm bot network and take over a small portion of it. more

Domain Slammers Go Phishing

Oct 30, 2008

ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people -- and creates a whole lot of confusion for registrants. But that was a problem we could deal with. Fast-forward to October, 2008... more

Phishing Registrar Accounts: eNom is First Target

Oct 29, 2008

Criminals are now looking to use established domain names, via phishing targeted at domain registrars. This is possibly related to ICANN finally moving to stop the black hat registrars of the world. According to the first report on the matter sent yesterday to Registrar Operations (reg-ops) mailing list, the attacks seem to be run by gang of child pornography spammers. more

Co-Operation to Make the Domain Business More Secure

Oct 24, 2008

In order to provide more security for the Domain Name System (DNS), a group of large domain-name registries and registrars has got together with IT security providers and government agencies to launch a new workgroup: the "Registry Internet Safety Group" (RISG). The announcement was made by the Public Internet Registry, which operates the .org domain, and its backend provider Afilias. more

The Growing Security Concerns… Don’t Have Nightmares

Oct 21, 2008

Anyone concerned about the security of their computers and the data held on them might sleep a little uneasily tonight. Over the past few weeks we've heard reports of serious vulnerabilities in wireless networking and chip and pin readers, and seen how web browsers could fall victim to 'clickjacking' and trick us into inadvertently visiting fake websites. The longstanding fear that malicious software might start infecting our mobile phones was given a boost... And now a group of researchers have shown that you can read what is typed on a keyboard from twenty metres away... more

Industry Updates

A Glimpse into the Global Domain Registration Trends Seen in Q1 2024

Uncovering Suspicious Download Pages Linked to App Installer Abuse

On the DNS Trail of the Rise of macOS Backdoors

Checking Out the DNS for More Signs of ResumeLooters

WhoisXML API Publishes a New Study of 7 APT Groups That Have Targeted North America

Searching for Potential Propaganda Vehicle Presence in the DNS

Following the VexTrio DNS Trail

DarkGate RAT Comes into the DNS Spotlight

Tracing Ivanti Zero-Day Exploitation IoCs in the DNS

DNS Investigation: Is xDedic Truly Done for After Its Takedown?

DNS Deep Diving into Pig Butchering Scams

The New RisePro Version in the DNS Spotlight

CSC Partners with NetDiligence to Help Mitigate Cyber Risks and Support the Cyber Insurance Ecosystem

  • By CSC
  • Feb 21, 2024

Tracking Down Sea Turtle IoCs in the DNS Ocean

Tracing the DNS Spills of the OilRig Cyber Espionage Group

View More