Cybersecurity

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Cybersecurity / Recently Commented

Microsoft to Hunt Down Typo-Squatters Using URL Tracer

Microsoft Research has released a new tool to help pinpoint large-scale typo-squatters that are known to be gaming pay-per-click domain parking services.

The lightweight prototype, called Strider URL Tracer, builds on the work within Microsoft's Cybersecurity and Systems Management group to keep tabs on a sophisticated typo-squatting scheme that uses multilayer URL redirection to make money from Google's AdSense for domains program.

University Researchers Heighten Focus on VoIP Security Threats

With VoIP starting to live up to some of the hype, university researchers are looking to ensure that the technology's momentum in corporate and residential markets won't be ruined by myriad security threats.

The National Science Foundation this week said it has issued $600,000 to the University of North Texas to spearhead development of a multi-university test bed to study VoIP security. Other participants are Columbia University, Purdue University and the University of California-Davis.

Examining Two Well-Known Attacks on VoIP

VoIP is here to stay. In fact, many incumbent telecommunication carriers have been offering VoIP service for some time, and several new VoIP service providers have emerged. Aside from issues such as quality of service, the aspect of security, or lack thereof, is misunderstood by some of the VoIP service providers. The purpose of this article is to discuss two of the most well-known attacks that can be carried out in current VoIP deployments.

Report on Why Phishing Works Despite Warnings

Three U.S. academics have published research into why phishing scams are still finding success, years after widespread public warnings first appeared.

Most people have received an e-mail purporting to be from a bank or other online service that asks for personal and financial details. Occasionally, it has been for a bank or service for which the recipient is a customer. Even in that situation, many people still know to be wary.

MIT Spam Conference on Phishing as the Worst Spam Problem

At the fourth annual MIT Spam Conference held in Boston Tuesday, speakers said that while the volume of spam ebbs and flows, the nature of unwanted email is steadily becoming more dangerous...

Fresh from an IETF meeting last week, Sendmail's Chief Science Officer Eric Allman spoke about the progress being made with DomainKeys Identified Mail (DKIM), a sender-authentication proposal from Yahoo and Cisco that's wending its way through the standards body, and how it can be used to fight phishing.

Antispam Confab Looks Beyond Filters

The fight against spam, phishing and e-mail fraud should focus on economic incentives and aiding law enforcement, according to attendees at a conference examining the problem this week.

Speakers at MIT's 2006 Spam Conference were notably cognizant of the recent proposals of white lists and AOL's Goodmail, a pay per e-mail service offering preferential treatment in e-mail delivery for marketers. It is also one year since the implementation of Can-Spam, the federal law that sets e-mail marketing standards and makes it less complicated for law enforcement to go after John Doe spammers.

DNS Hackers Target Domain Registrars

Hackers have launched distributed denial of service attacks against the Domain Name System (DNS) servers of a brace of domain name registrars over recent days. The motive for the separate attacks against VeriSign and Joker.com remains unclear.

VeriSign said the attack on its name servers caused a "brief degradation" in the quality of its service to customers for around 25 minutes on Tuesday afternoon, ComputerWorld reports. Domain registrar Joker.com is recovering from an attack on its name servers last week that lasted for six days up until last Sunday. Joker.com, which is based in Germany, handles the registration of approximately 550,000 domains.

DNS Servers Do Hackers' Dirty Work

"DNS is now a major vector for DDOS," Dan Kaminsky, a security researcher said, referring to distributed denial-of-service attacks. "The bar has been lowered. People with fewer resources can now launch potentially crippling attacks."

Just as in any DDOS attack, the target system -- which could be a victim's Web server, name server or mail server -- is inundated with a multitude of data coming from multiple systems on the Internet. The goal is to make the target unreachable online by flooding the data connection or by crashing it as it tries to handle the incoming data.

Freedom to Connect

Over the last ten years, Andrew Odlyzko has been writing about a pricing algorithm that would assure reasonable service levels at reasonable prices. If you're going to F2C, you might want to read that brief article or this slightly more complex one to learn (or refresh your sense of) PMP -- Paris Metro Pricing models to deal with network congestion. You'll also get a sense of why throwing bandwidth at the network will not be sufficient. Here's a great article from 1995...

Coalition Recommends Tools to Combat Phishing

ISPs and e-commerce sites can employ more tools to combat phishing scams, including "white lists" of legitimate Websites and using false identification information to scam the scammers, according to a report released Thursday.

The report, released by a coalition of consumer groups, technology vendors, financial services organizations and law enforcement agencies, also calls on Internet companies to step up their consumer education efforts.

Skype: When Good Press Releases Go Bad

Burton Group issued a press release last week announcing the conclusions of my recent report on Skype. I thought the release clearly stated our conclusions on Skype, which essentially were that there are indeed security and management concerns that enterprises ought to be aware of, but that those risks may be outweighed by the business benefits offered by the use of the application, and that enterprises must carefully weigh risk vs. reward when evaluating Skype usage.

VoIP Security FUD

I'm continually amazed by the amount of FUD being spread with regard to VoIP security threats. People...the sky is not falling. VoIP isn't e-mail. It isn't implemented like e-mail, it won't be implemented like e-mail (maybe "it shouldn't be implemented like e-mail" is a more appropriate statement). Following best security practices will ensure at least a level of security equivalent to current TDM systems. Best FUD I've heard this week: VoIP is insecure because you can simply put a bridge on an ethernet line and capture a stream. Hey, has anyone ever heard of alligator clips?

Effects of Domain Hijacking Can Linger

Malicious hackers who are able to hijack an organization's Web domain may be able to steal traffic from the legitimate Web site long after the domain has been restored to its owner, according to a recent report.

Design flaws in the way Web browsers and proxy servers store data about Web sites allow malicious hackers to continue directing Web surfers to malicious Web pages for days or even months after the initial domain hijacking.

Telecom Regulatory Authority of India Recommends IPv6 Transition

Faced with increasing demand for Internet protocol addresses, better quality of service and security, the Telecom Regulatory Authority of India (Trai) today recommended a transition from the existing version of internet protocol (IPv4) to the next-generation IPv6 platform.

The regulator has proposed the setting up of a National Internet Registry (NIR) in the country, within the framework of the Asia Pacific Network Information Centre (APNIC), and the Regional Internet Registry, utilizing the existing set-up of National Internet Exchange of India (NIXI). Currently all users in India buy their Internet protocol addresses from the APNIC.

US Warns of Fake Net Domain Data

More than 5% of the net's most popular domains have been registered using "patently false" data, research shows.

A US congressional report into who owns .com, .net and .org domains found that many owners were hiding their true identity. The findings could mean that many websites are fronts for spammers, phishing gangs and other net criminals.