Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

Reaction: Do We Really Need a New Internet?

The other day several of us were gathered in a conference room on the 17th floor of the LinkedIn building in San Francisco, looking out of the windows as we discussed some various technical matters. All around us, there were new buildings under construction, with that tall towering crane anchored to the building in several places. We wondered how that crane was built, and considered how precise the building process seemed to be to the complete mess building a network seems to be. more»

Bug Bounty Programs: Are You Ready? (Part 3)

The Bug Bounty movement grew out a desire to recognize independent security researcher efforts in finding and disclosing bugs to the vendor. Over time the movement split into those that demanded to be compensated for the bugs they found and third-party organizations that sought to capitalize on intercepting knowledge of bugs before alerting the vulnerable vendor. Today, on a different front, new businesses have sprouted to manage bug bounties on behalf of a growing number of organizations new to the vulnerability disclosure space. more»

Mitigating the Increasing Risks of an Insecure Internet of Things

The emergence and proliferation of Internet of Things (IoT) devices on industrial, enterprise, and home networks brings with it unprecedented risk. The potential magnitude of this risk was made concrete in October 2016, when insecure Internet-connected cameras launched a distributed denial of service (DDoS) attack on Dyn, a provider of DNS service for many large online service providers (e.g., Twitter, Reddit). Although this incident caused large-scale disruption, it is noteworthy that the attack involved only a few hundred thousand endpoints... more»

We Urgently Need a New Internet

Let's be honest about it. Nobody -- including those very clever people that were present at its birth -- had the slightest idea what impact the internet would have in only a few decades after its invention. The internet has now penetrated every single element of our society and of our economy, and if we look at how complex, varied and historically different our societies are, it is no wonder that we are running into serious problems with the current version of our internet. more»

Let's Face Facts: We Need a New Industrial Internet

The Internet is a great success and an abject failure. We need a new and better one. Let me explain why. We are about to enter an era when online services are about to become embedded into pretty much every activity in life. We will become extremely dependent on the safe and secure functioning of the underlying infrastructure. Whole new industries are waiting to be born as intelligent machines, widespread robotics, and miniaturized sensors are everywhere. more»

Blocking a DDoS Upstream

In the first post on DDoS, I considered some mechanisms to disperse an attack across multiple edges (I actually plan to return to this topic with further thoughts in a future post). The second post considered some of the ways you can scrub DDoS traffic. This post is going to complete the basic lineup of reacting to DDoS attacks by considering how to block an attack before it hits your network -- upstream. more»

Notes from NANOG 69

NANOG 69 was held in Washington DC in early February. Here are my notes from the meeting. It would not be Washington without a keynote opening talk about the broader political landscape, and NANOG certainly ticked this box with a talk on international politics and cyberspace. I did learn a new term, "kinetic warfare," though I'm not sure if I will ever have an opportunity to use it again! more»

Considering a Vulnerability Disclosure Program? Recent Push Raises Questions for General Counsel

Several years ago, vulnerability disclosure programs, also called "bug bounty" programs, were novel and eyed with suspicion. Given sensitivities and potential liabilities, companies are wary of public disclosure and hackers seeking to exploit research. When a hacker presented a flaw to a company, the company was more likely to be concerned about taking legal action than making a public announcement or offering a reward. That is changing. more»

Domain Name Association Outlines Healthy Practices as Part of Key Initiative

The domain name system is in good health. But it's about to get even better. The Domain Name Association (DNA), the Internet domain industry's trade association, undertook an effort in 2016 it named the Healthy Domains Initiative (HDI). It's an ambitious, self-motivated effort to build on the DNS' already secure and stable platform and meet select challenges head-on, before they develop. more»

The Worrying Prospects for Digital Trade Under President Trump

US leadership and influence online stems from US innovation and corporate risk-taking. But it also is the direct result of US Government policy. In the early days of the web and e-commerce, the Clinton administration recognized they had to figure out a strategy to reconcile the internet, which is global, with laws and regulations, which are domestic. Instead of demanding negotiations for shared global rules, Administration officials put forward a set of principles, which they called the Framework for Global Electronic Commerce. more»

Mitigating DDoS

Your first line of defense to any DDoS, at least on the network side, should be to disperse the traffic across as many resources as you can. Basic math implies that if you have fifteen entry points, and each entry point is capable of supporting 10g of traffic, then you should be able to simply absorb a 100g DDoS attack while still leaving 50g of overhead for real traffic... Dispersing a DDoS in this way may impact performance -- but taking bandwidth and resources down is almost always the wrong way to react to a DDoS attack. But what if you cannot, for some reason, disperse the attack? more»

Who Would You Nominate for the Internet Hall of Fame? (Nominations Open Until March 15)

Who do you think deserves recognition in the Internet Hall of Fame? Do you know of someone who has played a key role in the Internet's development who should be recognized? (And is not already among the existing IHOF inductees?) If you know of someone who deserves the recognition, nominations are open until March 15, 2017. As outlined by Internet Society President & CEO Kathy Brown in a blog post today, the Internet Hall of Fame seeks to honor three types of inductee. more»

Critical Differences Of Public And Private Clouds

Private or public? Both cloud types offer benefits and both have enjoyed significant growth over the last few years. Yet, what's the best bet for your business: The virtually limitless resources of public cloud stacks, or the close-to-home control of private alternatives? Here's a look at some critical differences between public and private clouds... more»

Characterizing the Friction and Incompatibility Between IoC and AI

Many organizations are struggling to overcome key conceptual differences between today's AI-powered threat detection systems and legacy signature detection systems. A key friction area -- in perception and delivery capability -- lies with the inertia of Indicator of Compromise (IoC) sharing; something that is increasingly incompatible with the machine learning approaches incorporated into the new breed of advanced detection products. more»

Bug Bounty Programs: Are You Ready? (Part 2)

In Part 1 of "Bug Bounty Programs: Are You Ready?" we examined the growth of commercial bug bounty programs and what organizations need to do before investing in and launching their own bug bounty. In this part, we'll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from such an investment. more»

News Briefs

Security Researchers Announce First SHA-1 Collision, Confirming Fears About Its Vulnerabilities

Hacked ICANN Data Still Selling on Black Market Years After Breach

Interpol's Michael Moran Receives 2017 M3AAWG Litynski Award

Deloitte: DDoS Attacks to Enter Terabit Era in 2017

Security Expert Bruce Schneier Calls for Creation of New Government Agency for IoT Regulation

Microsoft's Brad Smith Calls for a 'Digital Geneva Convention' to Protect Civilians

Trump to Sign Cybersecurity Executive Order on Tuesday

US Law-Enforcement Agencies Reported to be at Risk in Foreign-Owned Buildings

Data Breaches Reported During 2016 Exposed Over 4.2 Billion Records

New Study Highlights Growing Risk, Lack of Urgency with Mobile and IoT Application Security

Canadian Energy Firms at Bigger Risk of Cyberattack

Ukraine's Power Outage Due to Cyberattack, Says Country's National Power Company

Former New York City Mayor Rudy Guliani Appointed to "Chair" Cyber Task Force

Ransomware Crime Bill Goes into Effect in the State of California

FTC Announces Internet of Things Challenge, Offers $25,000 for Best Technical Solution

Trump Names Former Bush Aide Thomas Bossert Chief Adviser on Cybersecurity, Counterterrorism Role

China Says It Will Use All Means, Including Military, to Ensure Online Security

Google Begins Publicly Sharing National Security Letters

Yahoo Reveals Over One Billion More Accounts Have Been Hacked

Internet Society Urges for Increased Effort to Address Unprecedented Challenges Facing the Internet

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign has just released Q4 2016 DDoS Trends Report providing a unique view into the attack trends unfolding online through observations and insights derived from distributed denial of service (DDoS) attack mitigations, enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign iDefense Intelligence Services. ›››

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

Verisign has released its Q3 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Defending Against Layer 7 DDoS Attacks

Layer 7 attacks are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify. Verisign's recent trends show that DDoS attacks are becoming more sophisticated and complex, including an increase in application layer attacks. ›››

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Verisign today released its Q2 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services, and research conducted by Verisign iDefense Security Intelligence Services. ›››

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign is pleased to announce that it has qualified for the Online Trust Alliance's (OTA) 2016 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. ›››

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Verisign today released its Q1 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Having a tightly integrated security framework is more critical than ever as cyber-attacks grow and enterprises employ a variety of on-premise and cloud-based computing services to deliver applications. ›››

Industry Updates

Participants – Random Selection