Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

How to Choose a Cyber Threat Intelligence Provider

Throughout the course of my career I've been blessed to work with some of the most talented folks in the security and cyber threat intelligence (CTI) mission space to create a variety of different capabilities in the public, private and commercial sectors. Before I came to lead the Verisign iDefense team about five years ago, I had to evaluate external cyber-intelligence vendors to complement and expand the enterprise capabilities of my former organization. more»

Lessons to Be Learned from the Armada Collective's DDoS Attacks on Greek Banks

'It could've been worse' is a fascinating expression. It implies that the incident in question obviously could have been worse than expected, however it also implies that it could have been better, ultimately leading to the conclusion that it was at least somewhat bad. So both fortunately and unfortunately for three Greek banks, the ransom DDoS attacks levied against them by hacker group the Armada Collective could have been worse. more»

Malware Reach Is Expanding, Ransomware on the Rise

We live in an online age, one where malware infections have become commonplace. Some might say this is the price of doing business online. News headlines report damaging attacks on well-known brands with depressing regularity. Consumer confidence suffers as customers look to organizations to sort out the issue, secure their transactions and fix the problem. more»

Watching the Watchers Watching Your Network

It seems that this last holiday season didn't bring much cheer or goodwill to corporate security teams. With the public disclosure of remotely exploitable vulnerabilities and backdoors in the products of several well-known security vendors, many corporate security teams spent a great deal of time yanking cables, adding new firewall rules, and monitoring their networks with extra vigilance. more»

Blocking Shodan

The Internet is chock full of really helpful people and autonomous systems that silently probe, test, and evaluate your corporate defenses every second of every minute of every hour of every day. If those helpful souls and systems aren't probing your network, then they're diligently recording and cataloguing everything they've found so others can quickly enumerate your online business or list systems like yours that are similarly vulnerable to some kind of attack or other. more»

Who Will Secure the Internet of Things?

Over the past several months, CITP-affiliated Ph.D. student Sarthak Grover and fellow Roya Ensafi been investigating various security and privacy vulnerabilities of Internet of Things (IoT) devices in the home network, to get a better sense of the current state of smart devices that many consumers have begun to install in their homes. To explore this question, we purchased a collection of popular IoT devices, connected them to a laboratory network at CITP, and monitored the traffic that these devices exchanged with the public Internet. more»

Thought Leaders Create New Trends & Solutions, Followers Just Follow - Which Are You?

Last week I asked on a post elsewhere, why we, at the MLi Group, chose to consider speakers, panelists, supporters and sponsors at our Global Summit Series (GSS) as "Thought Leaders" and "Trend Setters? Many wrote me directly offering their answers and then it dawned on me that my answer may (or may not) get appreciated by many at the ICANN community. So here is why we do. more»

CircleID's Top 10 Posts of 2015

Once again it is time for CircleID's annual roundup of top ten most popular posts featured during the past year (based on overall readership). Congratulations to all the 2015 participants and best wishes in the new year. more»

Why More Effort Won't Solve the Exceptional Access Problem

In the debate over government "exceptional access" to encrypted communications, opponents with a technical bent (and that includes me) have said that it won't work: that such a scheme would inevitably lead to security problems. The response -- from the policy side, not from technical folk - has been to assert that perhaps more effort would suffice. FBI Director James Comey has said, "But my reaction to that is: I'm not sure they've really tried." Hillary Clinton wants a "Manhattan-like project, something that would bring the government and the tech communities together". More effort won't solve the problem - but the misunderstanding lies at the heart of why exceptional access is so hard. more»

Experienced a Breach? Here Are Four Tips for Incident Response

The threat level has never been higher for organizations charged with protecting valuable data. In fact, as recent headlines will attest, no company or agency is completely immune to targeted attacks by persistent, skilled adversaries. The unprecedented success of these attacks against large and well-equipped organizations around the world has led many security executives to question the efficacy of traditional layered defenses as their primary protection against targeted attacks. more»

Cryptography is Hard

In the debate about "exceptional access" to encrypted conversations, law enforcement says they need such access to prevent and solve crimes; cryptographers, on the other hand, keep saying it's too complicated to do safely. That claim is sometimes met with skepticism: what's so hard about encryption? After all, you learn someone's key and just start encrypting, right? I wish it were that simple - but it's not. more»

Deadline of Dec 21 To Submit Nominations for 2016 Internet Society Board of Trustees

Are you passionate about preserving the global, open Internet? Do you want to help guide work to connect the unconnected and promote / restore trust in the Internet? Do you have experience in Internet standards, development or public policy? If so, please consider applying for one of the open seats on the Internet Society Board of Trustees.
The Internet Society serves a pivotal role in the world as a leader on Internet policy, technical, economic, and social matters, and as the organizational home of the Internet Engineering Task Force (IETF). more»

Verisign's Perspective on Recent Root Server Attacks

On Nov. 30 and Dec. 1, 2015, some of the Internet's Domain Name System (DNS) root name servers received large amounts of anomalous traffic. Last week the root server operators published a report on the incident. In the interest of further transparency, I'd like to take this opportunity to share Verisign's perspective, including how we identify, handle and react, as necessary, to events such as this. more»

The WSIS+10 Outcome Document - Some Initial Thoughts

The final outcome document of the WSIS +10 Review was released late last night. I thought I would give you some initial impressions as we enter the week of the WSIS+10 Review at the United Nations in New York. The text endorses the central tenet of the multistakeholder model of governing ourselves on the Internet and re-commits to the Tunis agreement. It extends the mandate of the IGF for 10 years recognizing the role that this Forum plays in bottom up governance processes. more»

Internet Governance Forum Publishes BPs on Regulation and Mitigation of Unsolicited Communications

The IGF this morning published a number of reports, including the aforementioned one, at the URL provided, titled 'IGF 2015 Best Practice Forum Regulation and mitigation of unsolicited communications.' The reports can be found in the included URLs on the IGF Website. more»

News Briefs

Obama Proposes $19 Billion for Cybersecurity in Final Budget Plan

Reported Cyberattack Against Israel Only Ransomware to Regulatory Body, Electric Grid Not In Danger

Israel Becoming a Go-To Place for Cybersecurity

91.3% of Malware Use DNS as a Key Capability

Companies and Organizations Around the World Ask Leaders to Support Strong Encryption

U.S. Senators Introduce SEC Cybersecurity Disclosure Legislation

Internet Root Servers Hit with Unusual DNS Amplification Attack

UK Announces Additional £1.9 Billion in Cyber Security Funding

Email More Secure Today Than Two Years Ago, Research Suggests

Internet Activity in Britain Stored for a Year Under New Surveillance Law

Public Cloud Services in Mature Asia/Pacific Region to Reach $7.4 Billion in 2015

United States and Britain to Conduct Financial Cyber-Security Test

Reported Risk of Undersea Communication Cable Sabotage Are Exaggerated

U.S. Concerned over Increasing Russian Submarine Patrols Near Data Cables

Experts Propose Plan for More Secure Wi-Fi Devices

Senior U.S. and Chinese Officials Conclude Four-Day Meeting on Cyber Security

Hacking Increasingly Becoming a Physical Concern

Networking Firm Loses $46.7 Million to Fraudulent Wire Transfer

ICANN Website Breached, Passwords Obtained by an Unauthorized Person

Group Working on Securing Email Using DNS

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

As part of our efforts to support National Cyber Security Awareness Month by sharing the latest cybersecurity research, Verisign released its Q3 2015 DDoS Trends Report, which represents a unique view into attack trends unfolding online for the previous quarter. ›››

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Attend to learn some of the new tools and techniques to secure availability of applications in hybrid-cloud environments. ›››

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

If you are one of the 55 percent of individuals who are anxious about openly handing over your private information, what can you do? The first step is to determine your digital footprint. ›››

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

In the recently published Forrester WAVE: DDoS Service Providers, Q3 2015 report, Forrester notes the importance of a hybrid approach to distributed denial of service (DDoS) protection. ›››

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Verisign just released its Q2 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Of the many options to manage BYOD on the network, IT organizations tend to choose one of the following two approaches: they either enact a policy prohibiting the use of BYODs, or install local clients on each device to track and monitor BYOD behavior. Each of these approaches comes with its own pros and cons. ›››

Announcing Verisign IntelGraph: Unprecedented Context for Cybersecurity Intelligence

With significant data breaches making headlines over the last six months, most notably the U.S. Government's Office of Personnel Management (OPM), organizations managing critical networks and data are watching their worst nightmares play out on a public stage. ›››

Industry Updates

Participants – Random Selection