Cybersecurity

Sponsored
by

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Cybersecurity / Recently Commented

Botnets Now Number One Threat to ISP Backbones

Increasingly-intense distributed denial-of-service (DDOS) attacks on ISP backbones are surpassing providers' capacity and knocking customers offline, according to a new survey of service providers by Arbor Networks. While most large ISPs have upgraded their backbones to 10-Gbit/s speeds over the past two years, three respondents said they have experienced sustained attacks from 20- to 22 Gbit/s, and one hosting services provider in the survey reported a 24-Gbit/s DNS-targeted attack. The most powerful sustained attack previously was 17 Gbit/s, which was reported in last year's survey by Arbor. more

Vint Cerf on Internet's Key Infrastructure

BBC News is running Vint Cerf's personal view on the Internet's future. From the article: "Improving the resilience and resistance to attack of key infrastructure such as the Domain Name System (the phone book of the internet) and the routing system will be major focal points for near-term internet development. Introducing DNSSEC (security for the Domain Name System) and the digital signing of address space by the Regional Internet Registries will assume much higher priority..." more

Cyberattacks on Estonia Further Explored

The distributed denial of service (DDoS) attack that brought down most of Estonia's internet infrastructure a few months ago, has been explored by Joshua Davis in a recent story at the Wired Magazine. "In the coming months, commentators around the world would look back at this moment and debate its significance. But for Aaviksoo, the meaning was clear. This was not the first botnet strike ever, nor was it the largest. But never before had an entire country been targeted on almost every digital front all at once, and never before had a government itself fought back..." more

Understanding the Skype Outage

Skype's official explanation. Phil Wolff has a good set of interpolated comments on the official explanation. There are two things to add... As the Register points out, last Tuesday was Microsoft's monthly patch day and those patches required a re-boot. If we believe Skype that their problem started with excessive login attempts, this is the only plausible explanation on the table... more

Spamford Wallace Gets Sued Yet Again

If there were a lifetime achievement award for losing lawsuits for being annoying, Sanford Wallace would be a shoo-in. Fifteen years ago, his junk faxing was a major impetus for the TCPA, the law outlawing junk faxes. Later in the 1990s, his Cyber Promotions set important legal precedents about spam in cases where he lost to Compuserve and AOL. Two years ago, he lost a suit to FTC who sued his Smartbot.net for stuffing spyware onto people's computers. And now, lest anyone think that he's run out of bad ideas, he's back, on the receiving end of a lawsuit from MySpace... more

Patent Application Reveals Microsoft's Anti-Phish Detection Technology

A Microsoft Patent application has just been published that goes into intricate detail about anti-phishing "predictive model" technology incorporated into Outlook and Outlook Express or providable to third-party providers. The app is entitled "Finding phishing sites." The Patent literature is arguably the most thorough description of how Microsoft email software attempts to find phish email. more

Spam Distribution Infrastructure: New Study Finds 94% of Scams Hosted on Individual Web Servers

Computer scientists, Geoff Voelker and Stefan Savage, from UC San Diego have found striking differences between the infrastructure used to distribute spam and the infrastructure used to host the online scams advertised in these unwanted email messages. This discovery is believed to help aid in the fight to reduce spam volume and shut down illegal online businesses and malware sites. While hundreds or thousands of compromised computers may be used to relay spam to users, most scams are hosted by individual Web servers. more

DNS Attack: 10-Year-Old Security Problem Is Back Haunting Corporate IT

At the Black Hat conference, security researcher Dan Kaminsky showed how problems in the way browser software works with the Internet's Domain Name System (DNS) could be exploited to give attackers access to any resources behind the corporate firewall. The key problem is the way web browsers determine how to trust other computers, says Kaminsky. This decision is based on the Internet domain name of the computer, and that DNS information can be misused... more

Go Daddy, Afilias Announce Joint Venture, Plan to Revitalize .US Domain

In a press release issued today an announcement has been made about the Alliance Registry, a joint venture between Afilias and Go Daddy, which is stated to combine the best in secure technology and marketing capabilities to revitalize the .US top-level domain name. more

Let's Be Careful Out There: Bogus Windows Domains

Last week, my colleagues over at Sunbelt Software discovered a bogus Windows domain being registered earlier this month (where the "w" in "windows" is actually two "v"s). Today, I've been alerted to the fact that are several additional Windows domains which have registered where the "w"s have been also been replaced with "v"s... more

Businesses Losing Battle Against DNS Attack, Says New Study

According to a new research study, companies are in struggle to keep their DNS (Domain Name Systems) protected from malicious attackers. Many businesses remain vulnerable, as over half the respondents reported having fallen victim to some form of malware attack. Over one third had been hit by a denial-of-service attack while over 44 percent had experienced either a pharming or cache poisoning attack. more

ICANN's 29th International Meeting Opens in San Juan

"The future of the Internet will be front and center as the Internet Corporation for Assigned Names and Numbers (ICANN) opens its 29th International Public Meeting in San Juan, Puerto Rico on Monday, 25 June 2007," says the ICANN press release issued today. Discussion will include issues such as new top-level domains and internationalized domain names. more

AOL Spammer Pleads Guilty, Facing Up To 11 Years in Prison

A Brooklyn man has pleaded guilty today for sending spam emails to over 1.2 million AOL subscribers in a scheme that foiled the Internet company's spam-filtering system. Reuters reports: "Adam Vitale, 26, pleaded guilty in federal court in Manhattan to breaking anti-spam laws. He was caught making a deal with a government informant that sent spam e-mails advertising a computer security program in return for 50 percent of the product's profits, prosecutors said." more

California Man Gets 6 Years in Prison for Phishing

A California man who was found guilty earlier this year for operating a sophisticated phishing scheme that attempted to deceive thousands of AOL users has now received a prison sentence of 70 months -- a fraction of the 101 years he could have been given. InformationWeek reports: "In the first jury conviction under the Can-Spam Act of 2003, Jeffrey Brett Goodin, of Azusa, Calif., was convicted of sending thousands of e-mails set up to appear to be from AOL's billing department to the company's users, prompting them to reply with personal and credit-card information. He then used the information to make unauthorized purchases, according to the U.S. Attorney's Office in Los Angeles." more

Security Through Obscurity as an Institution

One of my staff members pointed me to an article by Mikko Hyppönen in Foreign Policy. In this article Mikko argues that a new top level domain (TLD) like .bank for some reason would prevent on-line fraud, at least partially. Mikko seems to be arguing that with a dedicated TLD registry for financial institutions and a fee high enough to act as an entry barrier you would have a trustworthy bank domains that would be immune against today's phising attempts... more

Industry Updates

Afilias Joins Global Commission on the Stability of Cyberspace

i2Coalition Releases Statement On Australian Encryption Law Passing

Neustar to Acquire Verisign's Security Services Customer Contracts

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

DNS-Based Threats: Cache Poisoning

KSK Rollover Webinar to Be Held with ECO and ICANN Tuesday, April 24th

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

DNS-Based Threats: DNS Reflection and Amplification Attacks

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Percent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate