Cybersecurity

Sponsored
by

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Cybersecurity / Recently Commented

Reviving Concerns Over Internet Control

Starting next week, about 1,200 diplomats and technology ministers will gather at a hotel in the outskirts of Athens to resume a debate that has often pitted the Bush administration and a handful of its Western allies against Brazil, India, China and African countries. Officially, the inaugural meeting of the United Nations' Internet Governance Forum is designed to explore topics like free speech, security, spam and multilingualism... more

UN Internet Governance Forum to Hold First Meeting

The UN's Internet Governance Forum will hold its first meeting Oct. 30 to discuss the future of the Internet, especially as it relates to access, security, diversity and emerging issues.

...Nitin Desai, who will chair the meeting, said the technology is young and people have not really sorted out how the Internet should be treated. He compared debates about the Internet to those about the chemical composition of ink and the design of the paper when the printer was invented, which missed the point. more

Internet Neither Safe Nor Secure

As stakeholders, we need an advocate, ICANN, which must ensure that security is never sacrificed. ...It doesn't take a mathematician with a Ph.D. to see that the proposed registry agreements do not provide better security and stability for the DNS; it takes only good common sense. We all know the value of stop signs in intersections.  more

League of Nations, United Nations, Next: United Cyber Nations

Though the "Techies" have been heavily involved in many initiatives like Internet Governance, Internationalized (Multi-lingual) Domain Names, Identity Management, Information Security, Access Rights Management etc., they still have to correctly apply the technologies at hand to be able to replicate many accepted norms that have matured in the physical world such as federated identities, non-repudiation, notarizing, witnessing, co-signing etc. more

IPv6 Making Its Way Into Corporate IT Systems Sooner Than Expected

"The thing is if you install any Unix operating system now it comes with IPv6 enabled." In addition, Microsoft's Vista operating system, set for release in the coming months, is expected to have support for IPv6 enabled, he said. With support for IPv6 enabled in these operating systems, IT managers need to be prepared to address security issues in the new protocol. more

VeriSign, Critics Gear Up for ICANN Hearing

A VeriSign Inc. official defended its contract to operate the .com domain Monday, after Network Solutions accused the Internet Corporation for Assigned Names and Numbers (ICANN) of not requiring adequate security safeguards in its registry agreements. Network Solutions, a domain-name registrar, released a report last week saying ICANN has "failed" to address security in its latest proposals for the .com, .biz, .info and .org top-level domains. more

Analysis Report Recommends Key Security Changes to ICANN's Pending Registry Proposals

A report released today ("DNS - A System in Crisis," commissioned by Network Solutions) has concluded that in proposals for the .com, .biz, .info and .org registries, the Internet Corporation for Assigned Names and Numbers (ICANN) has failed to ensure adequate security safeguards. The report, written by security technology expert Jerry Archer, recommends that oversight, planning and testing provisions be implemented in the proposals to run these registries before they are finalized. more

Phishing Reaching Record Numbers in 2006

The Anti-Phishing Working Group (APWG) is reporting a record number of legitimate "brands" were hijacked in July 2006. ...They also report to have found 23,670 total phishing websites used to commit identity theft, fraud and other malicious activity in July 2006. This number is second only to the record 28,571 phishing sites found in June 2006, and is nearly double the 14,135 phishing sites found in July 2005. more

The DNSSEC "Onus of Reality Check" Shifted to gTLD Administrations by ICANN

Last month, there was an exchange of letters between a gTLD administration and ICANN about DNSSEC deployment. This gTLD administration is PIR or Public Interest Registry, the gTLD administration for the .org TLD. Interestingly, PIR is a non-profit organization that makes significant contributions to ISOC (Internet Society) initiatives: thus, both ICANN and PIR are organizations dedicated to the well-being of the Internet. more

ICANN Names DNS Security Experts

The Internet Corp for Assigned Names and Numbers yesterday named the 25 domain name system security experts that will be responsible for deciding whether proposed domain registry services could cause internet security and stability problems. The 25 people, who hail from all over the world, would be selected in five-person panels to decide on a case-by-case basis whether services proposed by the likes of .com registry VeriSign Inc or .biz registry NeuStar Inc constitute a problem to the internet. more

With Tropical Strom Ernesto Comes the Domain Storm

With tropical storm Ernesto now blowing off the coast of Florida, Internet security experts are warning that fraudsters may be hard at work claiming Ernesto-related Web site domains. On Tuesday, 18 domains related to the storm became live, said Johannes Ullrich, chief research officer at the SANS Institute. They include such names as Ernestoinsurance.com, Ernestomoney.com and Ernestodamage.com. more

Data Can Bypass Most Network Security via IPv6

An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems.

Joe Klein, network security expert, North American IPv6 Task Force The tool, dubbed VoodooNet or v00d00n3t, uses the ability of most computers to encapsulate next-generation network traffic, known as Internet Protocol version 6 (IPv6), inside of today's network communications standard, or IPv4. more

China Betting on IPv6 and First Mover Advantage

The United States' reluctance to invest in IPv6 makes it more likely that China will be in a position to gain the first-mover advantage it seeks. ...Liu Dong, president of the Beijing Internet Institute sums it up succinctly: "We think we can develop the killer applications," he says. China plans to show the rest of the world just how advanced its Internet is at the 2008 Olympics in Beijing. CNGI will control the facilities -- everything from security cameras to the lighting and thermostats -- at the Olympic venues, and events will be broadcast live over the Internet. Even the taxis in Beijing's snarled traffic will connect to CNGI via IPv6 sensors so that dispatchers will be able to direct their drivers away from congestion. more

OpenDNS Possible Alternative to Spotty DNS Services

Paul Mockapetris, the inventor of DNS and chief scientist at secure DNS provider Nominum, said DNS is like the water of the Internet. In that analogy, OpenDNS is like bottled water. If you use it, you don't have to trust the local water, which may be polluted or diseased, Mockapetris said.

"Of course, you have to trust the OpenDNS folks, and I suspect they are looking forward to showing you advertising. So maybe it is more like Gatorade, and maybe they will fluoridate their DNS and add stuff that will kill your prized fish in the aquarium as well as the phish they are looking for," he said. more

Phishing: Competing on Security

The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more

Industry Updates