Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

Cyberattack Paralyzed Marshall Islands Email Service

Email communication in the Marshall Islands was paralysed Tuesday after hackers launched a "zombie" computer attack on the western Pacific nation's only Internet service provider, AFP reports. The attack started early Tuesday, in which hackers used zombie computers to flood country's only Internet service provider with spam emails, causing a complete shutdown of email traffic into the nation of around 55,000 people. more

VeriSign Expands DNS Capacity From 400 Billion to Over 4 trillion Queries Per Day

Since 2000, the volume of Internet traffic on VeriSign's global infrastructure has increased from an average of 1 billion domain name system queries per day to a peak of more than 50 billion DNS queries per day under normal traffic conditions, reports VeriSign in a press release today. Under Project Titan, VeriSign reports it will increase its daily DNS query capacity from 400 billion queries a day to over 4 trillion queries a day and will increase the aggregate network bandwidth of its primary resolution centers around the world from more than 20 gigabits per second (Gbps) to greater than 200 Gbps per second. VeriSign also plans to expand its deployment of Regional Internet Resolution Sites to more than 100 locations across the globe by 2010. Plans also include deploying new proprietary security upgrades and monitoring tools to identify, track and isolate malicious Internet traffic generated from cyber attacks. more

France Preparing for Future Cyberwars, Says President

French President Nicolas Sarkozy announced major military reforms involving an in-depth change in strategic priorities and is gradually preparing France for the fights of future. Plans include expanding the range of weapons arsenal in terms of computer warfare, said the president in his announcement this week. France is not alone to be deeply worried about the issue of crippling cyber attacks. In mid-May, the Atlantic Alliance, which brings together dozens of Northern America, Western and Eastern European countries, launched what has come to be known as the "NATO Excellence Center for Cybernetics Defense" in Tallinn, Estonia. more

Popular Photo Sharing Site's DNS Records Hijacked by Turkish Hacking Group

DNS records of one of the most popular photo sharing websites, Photobucket, were hacked yesterday by Turkish Hacking Group. The site returned a hacked page courtesy of the NetDevilz hacking group, a Turkish web site defacement group most widely known for its defacement of the adult video site Redtube earlier this year. Photobucket users across the world are reporting minor outages of the service and problems when trying to access their accounts, the consequence of what looks like the type of DNS records hijacking that redirected Comcast.net to a third-party domain last month. more

British Hacker Accused of Biggest Military Hack Fights Extradition to U.S.

Five judges at the UK's highest court are currently in process of evaluating a final appeal against extradition by a computer enthusiast wanted in Washington for the "biggest military hack of all time". Gary McKinnon (nicknamed "Solo"), 44, is accused of causing hundreds of thousands of dollars of damage after breaking into dozens of computers owned by NASA, the Pentagon and the U.S. military. His last appeal to the High Court in London failed after two senior judges ruled he should face trial in the United States. The law lords are expected to give their ruling before the end of July. more

SPIT is in Everyone's Mouth, Though Not Yet in Everyone's Ears

Spam over Internet Telephony (SPIT) is viewed by many as a daunting threat. SPIT is much more fatal than email spam, for the annoyance and disturbance factor is much higher. Various academic groups and the industry have made some efforts to find ways to mitigate SPIT. Most ideas in that field are leaning on classical IT security concepts such as intrusion detection systems, black-/white-/greylists, Turing tests/computational puzzles, reputation systems, gatekeeper solutions, etc... We identified the lack of a benchmark testbed for SPIT as a serious gap in the current research on the matter, and this motivated us at the to start working on a first tool for that. more

VoIP Compression Technique Vulnerable to Ease Dropping

Plans to compress internet (VoIP) phone calls so they use less bandwidth could make them vulnerable to eavesdropping. Most networks are currently safe, but many service providers are due to implement the flawed compression technology. A team from John Hopkins University in Baltimore, Maryland, US, has shown that simply measuring the size of packets without decoding them can identify whole words and phrases with a high rate of accuracy. more

Will a Global TAR Make DNSSEC Stick?

Two US Government contractors and the National Institute of Science and Technology have released a white paper, "Statement of Needed Internet Capability," detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. The document was released through the DNSSEC-Deployment Group this week with a request that it be circulated as widely as possible to gather feedback. A Trust Anchor Repository (TAR) refers to the concept of a DNS resource record store that contains secure entry point keys... more

Experts Concerned Over U.S. Spyware Legislation Being Overly Broad

U.S. Senate bill aims at limiting spyware by seemingly allowing broadband providers, computer hardware and software vendors, financial institutions and other businesses to scan users' computers without authorization. "We think this language is overly broad and could protect activities which could be harmful to computer users," Butler told the Senate Commerce, Science and Transportation Committee. "It would, in effect, allow a software vendor to truly monitor everything that's on a user's computer, essentially setting [vendors] up as an ad hoc police force." more

Swedish National Defense Radio Agency to Wiretap All Internet Traffic

Several people abroad have started mailing me and others asking if rumors of new legislation to be passed in Sweden on the 17th of June is for real. There are also reports in international forums starting to pop up. This is fairly old news, and I think that most of us are surprised that this has not generated more press both inside and outside Sweden earlier. This legislation will allow for the Swedish National Defense Radio Agency (FRA) to wiretap Internet traffic leaving the country... more

Carpet Bombing in Cyber Space - Say Again?

I was pointed to an article in the Armed Forces Journal where Col Charles W. Williamson III argues that the US Air Force needs to develop a BOTnet army as part of the US military capability for retaliatory strikes. The article brings up some interesting issues, the one that I believe carries the most weight is the argument that we (well, people living on the Internet) are seeing an arms race. It is true that more and more nations are looking into or developing various forms of offensive weapons systems for the use on the Internet... more

New Trojan Horse Silently Alters Wireless Router Settings

Brian Krebs or Washington Post reports that a new Trojan horse masquerading as a video 'codec' required to view content on certain Websites tries to change key settings on the victim's Internet router so that all of the victim's Internet traffic is routed through servers controlled by the attackers. more

Software Security Hole Exposes Critical Utilities to Internet attack

Internet attackers could gain control of water treatment plants, natural gas pipelines and other critical utilities because of a vulnerability in the software that runs some of those facilities, security researchers reported Wednesday. Experts with Boston-based Core Security Technologies, who discovered the deficiency, said there's no evidence anyone else found or exploited the flaw. Citect Pty. Ltd., which makes the program called CitectSCADA, patched the hole last week, five months after Core Security first notified Citect of the problem. more

An Account of the Estonian Internet War

About a year ago after coming back from Estonia, I promised I'd send in an account of the Estonian "war". A few months ago I wrote an article for the Georgetown Journal of International Affairs, covering the story of what happened there. This is the "war" that made politicians aware of cyber security and entire countries scared, NATO to "respond" and the US to send in "help". It deserved a better understanding for that alone, whatever actually happened there. more

DNS Troubles at the U.S. National Security Agency

DNS server problems at the U.S. National Security Agency have knocked the secretive intelligence agency site offline for several hours. Reports suggest various possible reasons including an internal routing problem of some sort on their side or errors in firewall or ACL [access control list] policy. Other possibilities are speculated to be a technical glitch or a hacking incident. The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks -- the outage is an embarrassment for the agency. more