Cybersecurity

Sponsored
by

Cybersecurity / Recently Commented

League of Nations, United Nations, Next: United Cyber Nations

Though the "Techies" have been heavily involved in many initiatives like Internet Governance, Internationalized (Multi-lingual) Domain Names, Identity Management, Information Security, Access Rights Management etc., they still have to correctly apply the technologies at hand to be able to replicate many accepted norms that have matured in the physical world such as federated identities, non-repudiation, notarizing, witnessing, co-signing etc. more

IPv6 Making Its Way Into Corporate IT Systems Sooner Than Expected

"The thing is if you install any Unix operating system now it comes with IPv6 enabled." In addition, Microsoft's Vista operating system, set for release in the coming months, is expected to have support for IPv6 enabled, he said. With support for IPv6 enabled in these operating systems, IT managers need to be prepared to address security issues in the new protocol. more

VeriSign, Critics Gear Up for ICANN Hearing

A VeriSign Inc. official defended its contract to operate the .com domain Monday, after Network Solutions accused the Internet Corporation for Assigned Names and Numbers (ICANN) of not requiring adequate security safeguards in its registry agreements. Network Solutions, a domain-name registrar, released a report last week saying ICANN has "failed" to address security in its latest proposals for the .com, .biz, .info and .org top-level domains. more

Analysis Report Recommends Key Security Changes to ICANN's Pending Registry Proposals

A report released today ("DNS - A System in Crisis," commissioned by Network Solutions) has concluded that in proposals for the .com, .biz, .info and .org registries, the Internet Corporation for Assigned Names and Numbers (ICANN) has failed to ensure adequate security safeguards. The report, written by security technology expert Jerry Archer, recommends that oversight, planning and testing provisions be implemented in the proposals to run these registries before they are finalized. more

Phishing Reaching Record Numbers in 2006

The Anti-Phishing Working Group (APWG) is reporting a record number of legitimate "brands" were hijacked in July 2006. ...They also report to have found 23,670 total phishing websites used to commit identity theft, fraud and other malicious activity in July 2006. This number is second only to the record 28,571 phishing sites found in June 2006, and is nearly double the 14,135 phishing sites found in July 2005. more

The DNSSEC "Onus of Reality Check" Shifted to gTLD Administrations by ICANN

Last month, there was an exchange of letters between a gTLD administration and ICANN about DNSSEC deployment. This gTLD administration is PIR or Public Interest Registry, the gTLD administration for the .org TLD. Interestingly, PIR is a non-profit organization that makes significant contributions to ISOC (Internet Society) initiatives: thus, both ICANN and PIR are organizations dedicated to the well-being of the Internet. more

ICANN Names DNS Security Experts

The Internet Corp for Assigned Names and Numbers yesterday named the 25 domain name system security experts that will be responsible for deciding whether proposed domain registry services could cause internet security and stability problems. The 25 people, who hail from all over the world, would be selected in five-person panels to decide on a case-by-case basis whether services proposed by the likes of .com registry VeriSign Inc or .biz registry NeuStar Inc constitute a problem to the internet. more

With Tropical Strom Ernesto Comes the Domain Storm

With tropical storm Ernesto now blowing off the coast of Florida, Internet security experts are warning that fraudsters may be hard at work claiming Ernesto-related Web site domains. On Tuesday, 18 domains related to the storm became live, said Johannes Ullrich, chief research officer at the SANS Institute. They include such names as Ernestoinsurance.com, Ernestomoney.com and Ernestodamage.com. more

Data Can Bypass Most Network Security via IPv6

An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems.

Joe Klein, network security expert, North American IPv6 Task Force The tool, dubbed VoodooNet or v00d00n3t, uses the ability of most computers to encapsulate next-generation network traffic, known as Internet Protocol version 6 (IPv6), inside of today's network communications standard, or IPv4. more

China Betting on IPv6 and First Mover Advantage

The United States' reluctance to invest in IPv6 makes it more likely that China will be in a position to gain the first-mover advantage it seeks. ...Liu Dong, president of the Beijing Internet Institute sums it up succinctly: "We think we can develop the killer applications," he says. China plans to show the rest of the world just how advanced its Internet is at the 2008 Olympics in Beijing. CNGI will control the facilities -- everything from security cameras to the lighting and thermostats -- at the Olympic venues, and events will be broadcast live over the Internet. Even the taxis in Beijing's snarled traffic will connect to CNGI via IPv6 sensors so that dispatchers will be able to direct their drivers away from congestion. more

OpenDNS Possible Alternative to Spotty DNS Services

Paul Mockapetris, the inventor of DNS and chief scientist at secure DNS provider Nominum, said DNS is like the water of the Internet. In that analogy, OpenDNS is like bottled water. If you use it, you don't have to trust the local water, which may be polluted or diseased, Mockapetris said.

"Of course, you have to trust the OpenDNS folks, and I suspect they are looking forward to showing you advertising. So maybe it is more like Gatorade, and maybe they will fluoridate their DNS and add stuff that will kill your prized fish in the aquarium as well as the phish they are looking for," he said. more

Phishing: Competing on Security

The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more

Net Security an Oxymoron, Interview with SRI Principle Scientist

At a time when threats to the Internet and other computer networks loom from teenage hackers and terrorists alike, Neumann (pronounced "Noy-muhn") is sounding an alarm that computer security advocates agree has fallen on deaf ears. The trouble, Neumann warns, is that the Internet is populated by computers that were not designed with network security in mind. As a result, security is addressed on a patch-by-patch basis, but an effective solution would require redesigning systems from scratch. more

Security Experts Warn VoIP Attacks May Be Just Around the Corner

It's become a familiar pattern in online security. A groundbreaking way to communicate emerges, spreads like wildfire, and then hackers find a way to use it to their advantage. Security companies react--but not before the problem has succeeded in wreaking havoc. It happened with e-mail and is happening now with instant messaging and mobile devices.

The next area that could be targeted: Voice over Internet Protocol, or VoIP, which lets people make low-priced phone calls using the same technology that delivers e-mail. And the results could be just as damaging, if not worse, than with other technologies, some security experts warn.  more

Email Security an Ongoing Battle, Focus on Manageable Risk Instead

The IT industry will never eradicate security threats to email systems and organizations should take a holistic approach to securing their communication systems to the level where they believe risk is at a manageable state, according to panelists at this week's Inbox email conference in San Jose...

At a packed panel session on email accreditation and reputation, the panelist told audience members that reputation services have taken off rapidly. These services profile the sender's behavior to determine the likelihood that a message is legitimate or spam. The sender's reputation is determined based on multiple criteria then assigned to categories, or lists. more