Cybersecurity

Sponsored
by

Cybersecurity / Featured Blogs

On the Upcoming Hearings on ICANN by the US Senate

I was a witness at the two prior hearing, one in 2001 and another in 2002 - it's quite an experience.

My submission to this year's hearing is online at http://www.cavebear.com/rw/senate-july-31-2003.htm

What's going to be said by the witnesses? I don't know. But I have some guesses... more

U.S. Senate's Hearing on ICANN

Later today, Senator Conrad Burns, who chairs the U.S. Senate subcommittee responsible for supervising ICANN, will be holding a hearing on a number of issues.

At the beginning of the year, a press release called "Burns Unveils NexGenTen Agenda For Communications Reform and Security in the 21st Century", had reported:

"U.S. Sen. Conrad Burns (R-Mont.) announced his top priorities for his chairmanship of the Senate Communications Subcommittee during the 108th legislative session. The ten items, called the Burns NexGenTen Tech Agenda, aim to strengthen security and usher reform for 21st Century Communication... more

Moving Target: Spammer Using Over 1000 Home Computers as DNS

Some individual appears to have hijacked more than a 1,000 home computers starting in late June or early July and has been installing a new Trojan Horse program on them. The Trojan allows this person to run a number of small websites on the hijacked home computers. These websites consists of only a few web pages and apparently produce income by directing sign-ups to for-pay porn websites through affiliate programs. Spam emails messages get visitors to come to the small websites.

To make it more difficult for these websites to be shut down, a single home computer is used for only 10 minutes to host a site. After 10 minutes, the IP address of the website is changed to a different home computer... more

Juniper's IPv6 Advocate Tests Mythology

IPv6 advocacy has been tainted by FUD and half-truth. CommsWorld recently interviewed Juniper's Jeff Doyle, who is a strong supporter of IPv6 -- but who also has little patience for IPv6 mythology. Forget security, half-true address crises and QoS: the best reason for the world to run with IPv6 is what's driven the Internet all along -- innovationmore

Fight Spam With the DNS, Not the CIA

It seems like spam is in the news every day lately, and frankly, some of the proposed solutions seem either completely hare-brained or worse than the problem itself. I'd like to reiterate a relatively modest proposal I first made over a year ago: Require legitimate DNS MX records for all outbound email servers.

MX records are one component of a domain's Domain Name System (DNS) information. They identify IP addresses that accept inbound email for a particular domain name. To get mail to, say, linux.com, a mail server picks an MX record from linux.com's DNS information and attempts to deliver the mail to that IP address. If the delivery fails because a server is out of action, the delivering server may work through the domain's MX records until it finds a server that can accept the mail. Without at least one MX record, mail cannot be delivered to a domain.
 more

Internet Governance: There Are No Masterplans

Please pardon me if I start this story by telling about an incident that happened to me at the Madrid airport while flying to the ICANN meetings in Rio.

It was about midnight when, after flying in from Turin, my hometown, I had to go through the passport control to reach my gate for the flight to Rio. The war between the US/UK and Iraq had started two days before, and even if the Spanish government was among its supporters, security checks were apparently proceeding as usual. Passport controls inside the EU for EU citizens usually take a few seconds, and the line ahead of me was proceeding quickly. more

Brownian Motion And ICANN's Latest Status Report To The United States

Brownian motion is the ceaseless random movement of particles suspended in a warm fluid. The particles move because they are buffeted by random collisions with molecules and atoms speeding this way and that under the impetus of heat. The greater the heat, the greater the motion. But no matter how much motion and how much heat, Brownian motion brings no progress.

Today I learned from Bret Fausett's ICANN Blog that ICANN has just published its Sixth Status Report Under ICANN/US Government Memorandum of Understanding, dated March 31, 2003. This report is subtitled "Report by ICANN to United States Department of Commerce Re: Progress Toward Objectives of Memorandum of Understanding" (emphasis added.) more

With No Privacy Standards Who Knows Who Is Abusing The Whois Database

John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more

98% Of Internet's Main Root Server Queries Are Unnecccary: Should You Be Concerned?

A recent study by researchers at the Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Super Computer Center (SDSC) revealed that a staggering 98% of the global Internet queries to one of the main root servers, at the heart of the Internet, were unnecessary. This analysis was conducted on data collected October 4, 2002 from the 'F' root server located in Palo Alto, California.

The findings of the study were originally presented to the North American Network Operators' Group (NANOG) on October 2002 and later discussed with Richard A. Clarke, chairman of the President's Critical Infrastructure Protection Board and Special Advisor to the U.S. President for Cyber Space Security. more

United Nations vs. ICANN: One ccTLD At A Time

What happens if ICANN fails? Who will run the DNS then?

Of course to many, ICANN already has failed -- spectacularly so. Critics have long complained that ICANN not only lacks accountability and legitimacy, but also that it is inefficient (at best) and downright destructive (at worst). According to these critics, ICANN's many sins include threatening the stability of the Internet, limiting access by imposing an artificial domain name scarcity, and generally behaving like a petulant dictator. more

Industry Updates

Billtrust Breach: Can Threat Intelligence Platforms Help with Ransomware Prevention?

Post NordVPN Data Exposure: Using Domain Threat Intelligence to Prevent MitM Attacks

InterMed Breach: How Threat Intelligence Sources Help Maintain Domain Integrity

BriansClub & PoS Malware Attacks: How Threat Intelligence Solutions Help Prevent Payment Card Theft

How Reverse WHOIS Search Can Help Protect Against MegaCortex and Other Ransomware

The Web.com Data Breach: A Quick Investigation with Domain Reputation Lookup

Do Security Service Providers Need Their Own Data Scientists?

SOAR Versus SIEM: The Fundamental Differences

Being Cybersecure Is Not Enough, Become Cyber-Resilient Instead

Is Your Organization Mature Enough for Security Orchestration, Automation, and Response?

Can Security Analytics Combat Digital Fraud with IP and Domain Name Monitoring?

Afilias Endorses Global Commission on the Stability of Cyberspace Final Report at Paris Peace Forum

Moving from the Castle-and-Moat to the Zero-Trust Model

What to Look for in Digital Forensics and Incident Response Experts

Why IT Security and DevOps Teams Are Often at Odds