Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

Cybersecurity Is Failing Big-Time and This Is Hard to Fix

It has become clear that having a big cybersecurity war room is not enough to deliver true end-to-end security throughout the complex networks, systems and structures on which our modern society is based. Furthermore, looking at the forever changing draconian government interventions in this space, it is also obvious that they are often stabbing in the dark. more

Marking the 30th Anniversary of the Internet and Cybersecurity Treaty

Next week on 1 July 2020 marks the 30th anniversary of one of the most significant treaty instruments in modern times. On 1 July 1990, the Melbourne Treaty came into force as the first and only global treaty that enabled worldwide internets and mobile networks to exist, together with the cybersecurity provisions designed to protect those infrastructures. The achievement remains as an enduring tribute to Richard Edmund Butler of Australia who was one of the most influential, and best-loved Secretaries-General of the ITU. more

Trust Binding

A few months ago, there was a lot of discussion that despite its claims, Zoom did not actually offer end-to-end encryption. They're in the process of fixing that, which is good, but that raises a deeper question: why trust their code? (To get ahead of myself, this blog post is not about Zoom.) If Zoom has the key but doesn't abuse it, there isn't a problem, right? Let's fast-forward to when they deploy true end-to-end encryption. Why do we trust their code not to leak the secret key? more

Surveillance Capitalist in Chief

Surveillance capitalism monetizes private data that it collects without consent of the individuals concerned, data to analyze and sell to advertisers and opinion-makers. There was always an intricate relationship between governments and surveillance capitalists. Governments have the duty to protect their citizens from the excesses of surveillance capitalism. On the other hand, governments use that data, and surveillance capitalism's services and techniques. more

A Short History of Internet Protocol Intellectual Property

A little over 25 years ago, the Internet Society proposed that they assume responsibility for the DARPA Internet Protocol (IP) specifications Intellectual Property Rights (IPR) that were being evolved by the Internet Engineering Task Force (IETF) to facilitate their use by the mainstream network communication standards bodies and providers. Last week, the IETF, in an attempt to fend off alternative Internet Protocols emerging in the 5G ecosystem and create a standards monopoly, asserted... more

Zoom Cryptography and Authentication Problems

In my last blog post about Zoom, I noted that the company says "that critics have misunderstood how they do encryption." New research from Citizen Lab show that not only were the critics correct, Zoom's design shows that they're completely ignorant about encryption. When companies roll their own crypto, I expect it to have flaws. I don't expect those flaws to be errors I'd find unacceptable in an introductory undergraduate class, but that's what happened here. more

Zoom Security: The Good, the Bad, and the Business Model

Zoom - one of the hottest companies on the planet right now, as businesses, schools, and individuals switch to various forms of teleconferencing due to the pandemic - has come in for much criticism due to assorted security and privacy flaws. Some of the problems are real but easily fixable, some are due to a mismatch between what Zoom was intended for and how it's being used now - and some are worrisome. more

Zoom Faces Class-Action Lawsuit, Accused of Overstating Its Privacy Standards

The video-conferencing company Zoom is facing a class-action suit filed on Tuesday accusing it of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted. more

COVID-19, WHOIS, and the Pressing Need for Help With Domain Name System Abuse

As widely reported, and not surprising, the internet is swimming in COVID-19 online scams. Criminals, accustomed to rapidly grabbing online territory during times of crisis and profiting from public fear, are working overtime in the face of the coronavirus. Unfortunately, ICANN's failure to enforce its minimal WHOIS and DNS abuse requirements has resulted in delayed mitigation efforts at a time when swift responses are needed to protect the public from COVID-19 scams. more

At the Crossroads: The State of Domain Registration Data Services

The Internet's users rely on domain name registration information for vital purposes, including providing security, problem-solving, and legal and social accountability. The data is so important that users perform more than two billion WHOIS queries every day. ICANN has instituted new data policies over the last two years, and is also directing a migration to a new technical protocol, RDAP, that will replace WHOIS access in the near future. So at this critical juncture, how is it all going? more

Dear U.S.A. – Observations on the Cyber Solarium Commission Report

I am writing to you as someone who is not your citizen, (although I had the fortune to wed the most beautiful of your daughters), to share my thoughts about the recent US Government Cyber Solarium Commission report. U.S.A. We owe you one! Without you and your citizens there would be no free Internet as we know it. Thank You! Your constitution is our inspiration. We, the global digital citizenship want to be "the people", in order to "secure the Blessings of Liberty to ourselves and our Posterity..." more

Why Are Internet Security Standards Badly Deployed and What to Do About It?

In 2019 under the aegis of the Internet Governance Forum, a pilot project was conducted into the causes of and solutions for the, in general, slow deployment of internet security standards. Standards that on mass deployment make the Internet and all its users safer, indiscriminately, immediately... Recently the report 'Setting the standard. For a more Secure and Trustworthy Internet. The Identification of Pressure Points in Society to Speed up Internet Standards Deployment', was published on the IGF website. more

Firefox Starts the Roll Out of DNS Over HTTPS (DoH) by Default for US-Based Users

According to the company, the rollout will continue over the next few weeks to confirm that no major issues are discovered as this new protocol is enabled. more

Truth in Web Digital Identity?

Most of us, when we go to a website and see the little lock at the top of the browser, don't think twice and trust that we are communicating with the right company or organization. However, this is no longer the case because of a rather radical development that has largely occurred without notice or intervention by almost everyone. The web now has its own rapidly spreading version of CallerID spoofing that is about to get worse. more

Internet Governance Outlook 2020: The Next Generation of Players and Problems Is Coming

The beginning of a new decade is always an invitation to have a broader look into the future. What, in the next ten years, will happen in the Internet Governance Ecosystem? Will the 2020s see the usual swinging pendulum between more liberal and more restrictive Internet policies in an interconnected world? Or will we move towards a watershed? more

Industry Updates

Hundreds of Election-Related Domain Names Seen as 2020 U.S. Elections Nears

Upward Trend Seen in "All Lives Matter," "BLM," and "Protest" Domain Registrations

Punycode Phishing: Internationalized Domain Names Remain a Threat in 2020

Domain Security Report – Forbes Global 2000 Companies

WhoisXML API Detects Hundreds of Microsoft-Inspired Typo Domains

Typosquatting Data Feed Can Enhance Lloyds Bank's Typosquatting Protection

60+ PayPal Potential Typosquatting Domains Detected in the Beginning of June

Typosquatting Domains Every AppleID Owner Should Avoid

Shopping and the Pandemic: Increased Reliance on Mobile Apps 

Typosquatting Protection: A Look into Instagram-Themed Domain Names

Investigating Typo Domains Beyond Credit Suisse's Spying Scandal

IP Geolocation Intelligence: An Aid Against Location-Based Threats?

Newly Registered Domains List Show Recent Registrations Continue to Pose Cybersecurity Risks

How to Avoid Phishing Campaigns Targeting CARES Act Recipients

Newly Registered Domains Database Shows Threat Actors Exploit the Need for N95 Masks amid the Pandem