Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

On the Way to the G7 ICT Ministers' Meeting in Japan

This week in Japan I have been invited to address the Multi-Stakeholder Conference that will officially open the G7 ICT Ministerial summit in Takamatsu. The focus of the ICT Ministerial will be on four distinct areas: (1) Innovation and economic growth; (2) Unrestricted flow of information, and ensuring the safety and security in cyberspace;
(3) Contributing to the resolution of global issues, including digital connectivity; (4) International understanding and international cooperation in the future. more»

Call for Participation - DNSSEC Workshop at ICANN 56 in Helsinki, Finland on 27 June 2016

Do you have an idea for an innovative use of DNSSEC or DANE? Have you recently deployed DNSSEC or DANE and have some "lessons learned" that you could share? Did you develop a new tool or service that works with DNSSEC? Have you enabled DNSSEC by default in your products? (And why or why not?) Do you have ideas about how to accelerate usage of new encryption algorithms in DNSSEC? more»

The Importance of IPRC in Asia Pacific

I believe and strongly support Internet Principle and Right Coalition (IPRC) Charter is an important edition of document supplementing the principles and rights of individual internet users in any developing and least developed country. Especially in Asia Pacific region where the need and use of such document is immense, as there is a gap in recognition and awareness of rights of internet users. more»

DNS and Stolen Credit Card Numbers

FireEye announced a new piece of malware yesterday named MULTIGRAIN. This nasty piece of code steals data from Point of Sale (PoS) and transmits the stolen credit card numbers by embedding them into recursive DNS queries. While this was definitely a great catch by the FireEye team, the thing that bothers me here is how DNS is being used in these supposedly restrictive environments. more»

Asia-Pacific Job Opening: Join Internet Society Deploy360 Programme to Promote IPv6, DNSSEC, More

Do you live in the Asia-Pacific region and are interested in accelerating the deployment of key technologies such as IPv6, DNSSEC, TLS or secure routing mechanisms? If so, my Internet Society colleagues involved with the Deploy360 Programme are seeking a "Technical Engagement Manager" based somewhere in the AP region. Find out more information about the position, the requirements and the process for applying. more»

Is the FCC Inviting the World's Cyber Criminals into America's Living Rooms?

In October 2012, the Chairman and Ranking Member of the House Intelligence Committee issued a joint statement warning American companies that were doing business with the large Chinese telecommunications companies Huawei and ZTE to "use another vendor." The bipartisan statement explains that the Intelligence Committee's Report, "highlights the interconnectivity of U.S. critical infrastructure systems and warns of the heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies." more»

Problems With the Burr-Feinstein Bill

What appears to be a leaked copy of the Burr-Feinstein on encryption back doors. Crypto issues aside -- I and my co-authors have written on those before -- this bill has many other disturbing features. (Note: I've heard a rumor that this is an old version. If so, I'll update this post as necessary when something is actually introduced.) One of the more amazing oddities is that the bill's definition of "communications" (page 6, line 10) includes "oral communication", as defined in 18 USC 2510. more»

My Top Takeaways from DNS-OARC 24

The 24th DNS-OARC meeting was held last week in Buenos Aires -- a two-day DNS workshop with amazingly good, consistent content. The programme committee are to be congratulated on maintaining a high quality of presentations. Here are my picks of the workshop. They fall into three groups, covering themes I found interesting... These presentations related to the ongoing problem of DNS as a source of reflection attacks, or a victim of attempted DDoS... more»

Enough About Apple and Encryption: Let's Talk System Security

This week, the RightsCon Silicon Valley 2016 conference is taking place in San Francisco. Since the use of encryption in general and the Apple/FBI case in particular are likely to be debated, I want to share a perspective on system security. My phone as a system The Apple/FBI case resolves around a phone. Think of your own phone now. When I look at my own phone I have rather sensitive information on it. more»

The FBI and the iPhone: Important Unanswered Questions

As you probably know, the FBI has gotten into Syed Farook's iPhone. Many people have asked the obvious questions: how did the FBI do it, will they tell Apple, did they find anything useful, etc.? I think there are deeper questions that really get to the full import of the break. How expensive is the attack? Security - and by extension, insecurity - are not absolutes. Rather, they're only meaningful concepts if they include some notion of the cost of an attack. more»

The Path Toward Increasing the Security of DNSSEC with Elliptic Curve Cryptography

How do we make DNSSEC even more secure through the use of elliptic curve cryptography? What are the advantages of algorithms based on elliptic curves? And what steps need to happen to make this a reality? What challenges lie in the way? Over the past few months we've been discussing these questions within the community of people implementing DNSSEC, with an aim of increasing both the security and performance of DNSSEC. more»

The Second Machine Age Calls for Vision and Leadership

This post I've been pondering on for a long time, but never found the right angle and perhaps I still haven't. Basically I have these observations, thoughts, ideas and a truckload of questions. Where to start? With the future prospects of us all. Thomas Picketty showed us the rise of inequality. He was recently joined by Robert J. Gordon who not only joins Picketty, but adds that we live in a period of stagnation, for decades already. "All great inventions lie over 40 years and more behind us", he points out. more»

The Growing Threat of Cybersquatting in the Banking and Finance Sector

The apparent cyber heist of of $81 million from the Bangladesh central bank's U.S. account may cause some people to question the security of online banking. While the online theft prompted SWIFT - a cooperative owned by 3,000 financial institutions around the world -- to make sure banks are following recommended security practices, the incident also could have ramifications for banking customers worldwide. more»

DNSSEC Workshop Streaming Live from ICANN 55 in Marrakech on Wednesday, March 9, 2016

What is the current state of DNSSEC deployment around the world and also in Africa? How can you deploy DNSSEC at a massive scale? What is the state of using elliptic curve crypto algorithms in DNSSEC? What more can be done to accelerate DNSSEC deployment? Discussion of all those questions and much more can be found in the DNSSEC Workshop streaming live out of the ICANN 55 meeting in Marrakech, Morocco, on Wednesday, March 9, from 9:00 to 15:15 WET. more»

Blocking and Filtering in Collaborative Security Context - A Reflection on RFC 7754

The other day, I planned to take my 15-year-old son to the movie theatre to see "Hateful Eight" in 70mm film format. The theatre would not allow him in. Under article 240a of the Dutch penal code, it is a felony to show a movie to a minor when that movie is rated 16 or above. Even though I think I am responsible for what my son gets to see, I understand that the rating agency put a 16-year stamp on this politically-incorrect-gun-slinging-gore-and-curse-intense-comedy feature. more»

News Briefs

Cybercriminals Continuing to Exploit Human Nature, Increasing Reliance on Ransomware, Study Finds

Google Launches Project to Track Encryption Efforts - Both Internally and at Other Popular Sites

Bangladesh Central Bank Governor Quits Amidst One of the Largest Cyber Heists

Head of UK Intelligence Agency Says Tech Companies Should Provide a Way Around Encryption

Repeat DDoS Attacks the Norm in Q4 2015, 24 Attacks per Target on Average

Approach IoT With Security in Mind, Says AT&T Chairman

Large Volume of DNSSEC Amplification DDoS Observed, Akamai Reports

GNU C Library Found Vulnerable to Rogue DNS Server Attacks

Obama Proposes $19 Billion for Cybersecurity in Final Budget Plan

Reported Cyberattack Against Israel Only Ransomware to Regulatory Body, Electric Grid Not In Danger

Israel Becoming a Go-To Place for Cybersecurity

91.3% of Malware Use DNS as a Key Capability

Companies and Organizations Around the World Ask Leaders to Support Strong Encryption

U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation

Internet Root Servers Hit with Unusual DNS Amplification Attack

UK Announces Additional £1.9 Billion in Cyber Security Funding

Email More Secure Today Than Two Years Ago, Research Suggests

Internet Activity in Britain Stored for a Year Under New Surveillance Law

Public Cloud Services in Mature Asia/Pacific Region to Reach $7.4 Billion in 2015

United States and Britain to Conduct Financial Cyber-Security Test

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Having a tightly integrated security framework is more critical than ever as cyber-attacks grow and enterprises employ a variety of on-premise and cloud-based computing services to deliver applications. ›››

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Verisign has just released its Q4 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

The Framework for Resilient Cybersecurity (Webinar)

A shift in security architecture is needed, to an open platform where devices and services from different vendors can share, and act, on threat intelligence information, all in concert and in the proper context. Join Ramakant Pandrangi, Vice President of Technology, and learn how to assist with designing a resilient security ecosystem by maximizing an API-centric approach. ›››

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

As part of our efforts to support National Cyber Security Awareness Month by sharing the latest cybersecurity research, Verisign released its Q3 2015 DDoS Trends Report, which represents a unique view into attack trends unfolding online for the previous quarter. ›››

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Attend to learn some of the new tools and techniques to secure availability of applications in hybrid-cloud environments. ›››

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

If you are one of the 55 percent of individuals who are anxious about openly handing over your private information, what can you do? The first step is to determine your digital footprint. ›››

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

In the recently published Forrester WAVE: DDoS Service Providers, Q3 2015 report, Forrester notes the importance of a hybrid approach to distributed denial of service (DDoS) protection. ›››

Industry Updates

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Participants – Random Selection