Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

Internet Governance Outlook 2020: The Next Generation of Players and Problems Is Coming

The beginning of a new decade is always an invitation to have a broader look into the future. What, in the next ten years, will happen in the Internet Governance Ecosystem? Will the 2020s see the usual swinging pendulum between more liberal and more restrictive Internet policies in an interconnected world? Or will we move towards a watershed? more

6 Ways to Strengthen DNS Security

The domain name system (DNS) grew to prominence during the initial, innocent days of the internet. During that time, early internet users tended to work for government or education organizations where trust was assumed, and security was not even a consideration. Since the online community was small and the internet was sparsely used, the importance of DNS was not widely understood, and as a consequence, left undefended. more

What's Behind the Secure DNS Controversy and What Should You Do About It?

Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. That has not been the case with a new protocol which aims to make the Internet's underlying domain name system more secure by default. more

The End of the Road: ICANN, Whois, and Regulation

There's a well-documented crisis facing the domain name system: very few who rely on domain name registration data from the Whois database to perform vital functions can do so any longer, which is escalating consumer harm and abuse on the internet worldwide. And the problems, thanks to ICANN's overly restrictive policy post-GDPR and a failing policy process, are piling up. more

Doing Our Part for a Safer, Stronger DNS

Public Interest Registry is the industry leader of DNS Anti-Abuse efforts on the Internet. Since our inception, we have worked to empower people and organizations that use the Internet to make the world a better place. Whether a .ORG is the foundation of an individual voice, a global non-profit, or any organization that is part of the mission-driven .ORG community, we are proud to have earned the trust of so many dedicated users. more

Let's Have an Honest Conversation About Huawei

On May 29, I attended an AEI event on "International economics and securing next-generation 5G wireless networks," with Ambassador Robert Strayer, who heads the U.S. State Department's CIP team. But the focus of the talk was not really on 5G security, international trade or 5G development. In fact, there was no constructive agenda at all. The talk was an extended attack on China and the Chinese-based telecommunications vendor Huawei – another episode in an ongoing U.S. government campaign to shut Huawei and other Chinese firms out of the U.S. market, and to convince every other country in the world to do the same. more

Leading Domain Registries and Registrars Release Joint Document on Addressing 'DNS Abuse'

A group of leading domain name registries and registrars have joined forces in the fight against abuse in the Domain Name System (DNS), by developing a "Framework to Address Abuse." Each contributing company has shared its expertise and experience mitigating abusive practices with the goal of submitting the resulting Framework as a foundational document for further discussion in the multistakeholder community.  more

Business Email Compromised (BEC) Scams Explode Under the GDPR Implementation

Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more

DNS-over-HTTPS: Privacy and Security Concerns

The design of DNS included an important architectural decision: the transport protocol used is user datagram protocol (UDP). Unlike transmission control protocol (TCP), UDP is connectionless, stateless, and lightweight. In contrast, TCP needs to establish connections between end systems and guarantees packet ordering and delivery. DNS handles the packet delivery reliability aspect internally and avoids all of the overhead of TCP. There are two problems this introduces. more

A New Project Called Handshake Wants to Decentralize DNS, Says It's Unlike Previous Attempts

An entity called the Handshake Network claims its newly developed open source project offers advantages over the traditional naming and signature systems. more

5G Security Transparency

There is considerable rhetoric propagated today about 5G security. Some of the more blatant assertions border on xenophobia with vague assertions that the 5G vendors from some countries cannot be trusted and wholesale government banning is required. Existing treaty obligations are being summarily abrogated in favour of bilateral trade bullying. These are practices that the late President George H.W. Bush sought to eliminate a quarter century ago through intergovernmental organization initiatives... more

Making Voting Easy is Scaring the Life Out of Security Experts

Apollo 11 was the spaceflight which landed the first two humans on the Moon. Commander Neil Armstrong and lunar module pilot Buzz Aldrin landed the Apollo Lunar Module, Eagle, on July 20, 1969. Armstrong became the first person to step onto the lunar surface six hours later, and Aldrin joined him 19 minutes later. The two astronauts spent about two and a quarter hours outside the spacecraft, and they collected 47.5 pounds of lunar material to bring back. more

Five Inconvenient Facts about the Migration to 5G Wireless

An unprecedented disinformation campaign purposefully distorts what consumers and governments understand about the upcoming fifth generation of wireless broadband technology. A variety of company executives and their sponsored advocates want us to believe that the United States already has lost the race to 5G global market supremacy and that it can regain it only with the assistance of a compliant government and a gullible public. more

A Report on the ICANN DNS Symposium

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more

A Short History of DNS Over HTTP (So Far)

The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more

Industry Updates

How Domain Reputation API Can Help Detect HTTPS-Protected Phishing Sites

Reverse Domain Hijacking and the Use of WHOIS and Domain Brand Monitoring Tools

DNS Hijacking: The Iranian Cybersecurity Threat That May Be Overlooked

Addressing Cybersquatting Dangers Using Brand Alert API and WHOIS Lookup

Retrospective: Post-GDPR Compliance Rates for Domain Enforcement

Fake Airline Ticket Scams: Domain Spoofing and Other Red Flags

Reverse Domain Name Hijacking: What It Is and How to Avoid It through a Domain Availability Check

The Need for Email Address Verification in Light of Subpoena-Themed Phishing Attacks

Mobile Apps Take the Lead, Scammers Follow

The High Cost Of Privacy In A Post-GDPR World

How Threat Intelligence Software Can Help Prevent Breaches Caused by Server Misconfigurations

The Louisiana State Ransomware Attack: Enhancing Cyberdefense with Reverse IP Address Lookup

How Can Domain Intelligence Analysis Help in Vetting Third-Party Providers

Using Threat Intelligence Feeds to Prevent Orcus RAT Infections

Billtrust Breach: Can Threat Intelligence Platforms Help with Ransomware Prevention?