IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.


Officially Compromised Privacy

The essence of information privacy is control over disclosure. Whoever is responsible for the information is supposed to be able to decide who sees it. If a society values privacy, it needs to ensure that there are reasonable protections possible against disclosure to those not authorized by the information's owner. In the online world, an essential technical component for this assurance is encryption. If the encryption that is deployed permits disclosure to those who were not authorized by the information's owner, there should be serious concern about the degree of privacy that is meaningfully possible. more»

The Emotional Cost of Cybercrime

We know more and more about the financial cost of cybercrime, but there has been very little work on its emotional cost. David Modic and I decided to investigate. We wanted to empirically test whether there are emotional repercussions to becoming a victim of fraud (Yes, there are). We wanted to compare emotional and financial impact across different categories of fraud and establish a ranking list (And we did). more»

Why I Wrote 'Thinking Security'

I have a new book out, Thinking Security: Stopping Next Year's Hackers. There are lots of security books out there today; why did I think another was needed? Two wellsprings nourished my muse. (The desire for that sort of poetic imagery was not among them.) The first was a deep-rooted dissatisfaction with common security advice. This common "wisdom" -- I use the word advisedly -- often seemed to be outdated. Yes, it was the distillation of years of conventional wisdom, but that was precisely the problem: the world has changed; the advice hasn't. more»

Regulation and Reason

Imagine living in a country where it was necessary to register with your community government by providing a copy of one of the following... This may be necessary in perhaps a large number of nations. However, as a United States citizen and resident, I was quite surprised when my local community issued the request. I investigated and found much to my dismay, that my community in fact was required by regulation to survey its residents on a biennial basis. more»

In Network Security Design, It's About the Users

One of the longstanding goals of network security design is to be able to prove that a system -- any system -- is secure. Designers would like to be able to show that a system, properly implemented and operated, meets its objectives for confidentiality, integrity, availability and other attributes against the variety of threats the system may encounter. A half century into the computing revolution, this goal remains elusive. more»

RIPE 71 Meeting Report

The RIPE 71 meeting took place in Bucharest, Romania in November. Here are my impressions from a number of the sessions I attended that I thought were of interest. It was a relatively packed meeting held over 5 days. So this is by no means all that was presented through the week... As is usual for RIPE meetings, it was a well organised, informative and fun meeting to attend in every respect! If you are near Copenhagen in late May next year I'd certainly say that it would be a week well spent. more»

How DANE Strengthens Security for TLS, S/SMIME and Other Applications

The Domain Name System (DNS) offers ways to significantly strengthen the security of Internet applications via a new protocol called the DNS-based Authentication of Named Entities (DANE). One problem it helps to solve is how to easily find keys for end users and systems in a secure and scalable manner. It can also help to address well-known vulnerabilities in the public Certification Authority (CA) model. Applications today need to trust a large number of global CAs. more»

Battling Cyber Threats Using Lessons Learned 165 Years Ago

When it comes to protecting the end user, the information security community is awash with technologies and options. Yet, despite the near endless array of products and innovation focused on securing that end user from an equally broad and expanding array of threats, the end user remains more exposed and vulnerable than at any other period in the history of personal computing. more»

Exploiting Video Console Chat for Cybecrime or Terrorism

A couple of days ago there was a lot of interest in how terrorists may have been using chat features of popular video console platforms (e.g. PS4, XBox One) to secretly communicate and plan their attacks. Several journalists on tight deadlines reached out to me for insight in to threat. Here are some technical snippets on the topic that may be useful for future reference. more»

The Incredible Value of Passive DNS Data

If a scholar was to look back upon the history of the Internet in 50 years' time, they'd likely be able to construct an evolutionary timeline based upon threats and countermeasures relatively easily. Having transitioned through the ages of malware, phishing, and APT's, and the countermeasures of firewalls, anti-spam, and intrusion detection, I'm guessing those future historians would refer to the current evolutionary period as that of "mega breaches" (from a threat perspective) and "data feeds". more»

Help CrypTech (and Me) Make the Internet More Secure

Are you ready to help me make the Internet more secure? Here's your chance to join me in a project to create an open-source hardware device to protect email, files and other data from hackers and government spies. The CrypTech Project was founded in late 2013 after NSA whistleblower Edward Snowden revealed that the US and other governments were exploiting weak cryptography and loose standards to gain access to citizens' email, documents, and other files. more»

Internet Society's New Policy Brief Series Provides Concise Information On Critical Internet Issues

Have you ever wanted to quickly find out information on key Internet policy issues from an Internet Society perspective? Have you wished you could more easily understand topics such as net neutrality or Internet privacy? This year, the Internet Society has taken on a number of initiatives to help fill a need identified by our community to make Internet Governance easier to understand and to have more information available that can be used to inform policymakers and other stakeholders about key Internet issues. more»

Governments Shouldn't Play Games with the Internet

Governments often use small players as pawns in their global games of chess. Two weeks ago the European Court of Justice invalidated the EU-US Safe Harbor ("Safe Harbor") framework, turning Internet businesses into expendable pawns in a government game. But for the past fifteen years, Safe Harbor allowed data flows across the Atlantic -- fostering innovation and incredible economic development. more»

What's ARC?

DMARC is an anti-phishing technique that AOL and Yahoo repurposed last year to help them deal with the consequences of spam to (and apparently from) addresses in stolen address books. Since DMARC cannot tell mail sent through complex paths like mailing lists from phishes, this had the unfortunate side effect of screwing up nearly every discussion list on the planet. Last week the DMARC group published a proposal called ARC, for Authenticated Received Chain, that is intended to mitigate the damage. What is it, and how likely is it to work? more»

Freedom on the Internet: Where Does Your Country Stand?

Out of the 3 billion users on the Internet, how many can trust that their online communications will not be monitored or censored? How many feel safe that they can express their opinions online and will not be arrested for their ideas? How many feel confident in communicating anonymously online? For us at the Internet Society this is a key element of an Internet of opportunity: Internet access is only meaningful if people can trust that their fundamental rights will be respected and protected online as well as offline. more»

News Briefs

UK Announces Additional £1.9 Billion in Cyber Security Funding

Email More Secure Today Than Two Years Ago, Research Suggests

Internet Activity in Britain Stored for a Year Under New Surveillance Law

Public Cloud Services in Mature Asia/Pacific Region to Reach $7.4 Billion in 2015

United States and Britain to Conduct Financial Cyber-Security Test

Reported Risk of Undersea Communication Cable Sabotage Are Exaggerated

U.S. Concerned over Increasing Russian Submarine Patrols Near Data Cables

Experts Propose Plan for More Secure Wi-Fi Devices

Senior U.S. and Chinese Officials Conclude Four-Day Meeting on Cyber Security

Hacking Increasingly Becoming a Physical Concern

Networking Firm Loses $46.7 Million to Fraudulent Wire Transfer

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Group Working on Securing Email Using DNS

US Army Site Hacked as Obama Vows 'Aggressive' Response to Cyberattacks

IPv6 Adoption Brings New Security Risks

Placing New Domain Names in Temporary "Penalty Box" Could Deter Malicious Use, Says Paul Vixie

Record Number of Malware Variants Detected in Q4 of 2014, Retail/Service Most Targeted

Research Finds Mobile Malware Infections Overblown

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Internet Society Issues Statement on Developing Cyber Security Policy Initiatives

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

As part of our efforts to support National Cyber Security Awareness Month by sharing the latest cybersecurity research, Verisign released its Q3 2015 DDoS Trends Report, which represents a unique view into attack trends unfolding online for the previous quarter. ›››

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Attend to learn some of the new tools and techniques to secure availability of applications in hybrid-cloud environments. ›››

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

If you are one of the 55 percent of individuals who are anxious about openly handing over your private information, what can you do? The first step is to determine your digital footprint. ›››

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

In the recently published Forrester WAVE: DDoS Service Providers, Q3 2015 report, Forrester notes the importance of a hybrid approach to distributed denial of service (DDoS) protection. ›››

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Verisign just released its Q2 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Of the many options to manage BYOD on the network, IT organizations tend to choose one of the following two approaches: they either enact a policy prohibiting the use of BYODs, or install local clients on each device to track and monitor BYOD behavior. Each of these approaches comes with its own pros and cons. ›››

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

With significant data breaches making headlines over the last six months, most notably the U.S. Government's Office of Personnel Management (OPM), organizations managing critical networks and data are watching their worst nightmares play out on a public stage. ›››

Industry Updates

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

Introducing the Verisign DNS Firewall

TLD Security, Spec 11 and Business Implications

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

Key Considerations for Selecting a Managed DNS Provider

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

Afilias Supports the CrypTech Project - Ambitious Hardware Encryption Effort to Protect User Privacy

Participants – Random Selection