Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

Join InterCommunity 2015 on July 7/8 to Talk Future of Internet Governance, Security, Access

What are the most pressing Internet governance issues in the next 2-5 years? What are the biggest priorities in terms of making the Internet more secure and trusted? What are the best ways to bring the next 3 billion people online? Those will all be topics of discussion at the "InterCommunity 2015" meeting taking place this week on July 7 and 8. The meeting will not take place at any one physical location... more»

Understanding the Threat Landscape: Indicators of Compromise (IOCs)

I previously provided a brief overview of how Verisign iDefense characterizes threat actors and their motivations through adversarial analysis. Not only do security professionals need to be aware of the kinds of actors they are up against, but they should also be aware of the tactical data fundamentals associated with cyber-attacks most commonly referred to as indicators of compromise (IOCs). Understanding the different types of tactical IOCs can allow for quick detection of a breach... more»

DNSSEC Successes, Statistics and Innovation Streaming Live from ICANN 53 on 24 June 2015

Where has DNSSEC been successful? What are some current statistics about DNSSEC deployment? What are examples of innovations that are happening with DNSSEC and DANE? All of these questions will be discussed at the DNSSEC Workshop at ICANN 53 in Buenos Aires happening on Wednesday, June 24, 2015, from 09:00 – 15:15 Argentina time (UTC-3). You can watch and listen to the session live. more»

.BANK Launches With a Bang

The 30-day .BANK Sunrise Period just concluded this week and is notable for several reasons. The .BANK TLD is highly restricted to members of the banking industry. The .BANK Registry (which also has rights to .INSURANCE, launching this fall), was founded by 24 companies and organizations from the banking and insurance industries, The Registry's founders include industry leaders such as the American Banking Association, Citigroup, Dollar Bank, Independent Community Bankers of America, JPMorgan, Visa and Wells Fargo. more»

Understanding the Threat Landscape: Cyber-Attack Actors and Motivations

The threat landscape has rapidly expanded over the past few years, and shows no signs of contracting. With major establishments in both the public and private sectors falling victim to cyber-attacks, it is critical for organizations to identify the motivations, modus operandi (MO) and objectives of adversaries in order to adequately and effectively defend their networks. Understanding the taxonomy of cyber-attacks is the first step in preparing an organization against exposure to them. more»

The Cycle of E-Mail Security

Stepping back from the DMARC arguments, it occurs to me that there is a predictable cycle with every new e-mail security technology... Someone invents a new way to make e-mail more secure, call it SPF or DKIM or DMARC or (this month's mini-fiasco) PGP in DANE. Each scheme has a model of the way that mail works. For some subset of e-mail, the model works great, for other mail it works less great. more»

EuroDIG Sessions on Friday, June 5, about Cybersecurity, Network Neutrality, IANA, Access and More

What do Europeans interested in Internet policy think about cybersecurity, network neutrality, IANA, improving Internet access and other topics? Tomorrow the second day of the European Dialog on Internet Governance (EuroDIG) 2015 in Sofia, Bulgaria, will cover all those topics and many more. I've listed some of the sessions that either I or my Internet Society colleagues are participating in. I will personally be involved as a panelist on the two sessions about cybersecurity. more»

Facebook and PGP

Facebook just announced support for PGP, an encrypted email standard, for email from them to you. It's an interesting move on many levels, albeit one that raises some interesting questions. The answers, and Facebook's possible follow-on moves, are even more interesting. The first question, of course, is why Facebook has done this. It will only appeal to a very small minority of users. Using encrypted email is not easy. more»

Registry Lock - or EPP With Two Factor Authentication

For the last couple of years, the most common attack vector against the DNS system is the attack against the registrar. Either the attack is on the software itself using weaknesses in the code that could inject DNS changes into the TLD registry, or social engineering the registrar support systems and the attacker receives credentials that in turn allows the attacker to perform malicious changes in DNS. DNSSEC is the common security mechanism that protects the DNS protocol, but by using the registrar attack, any changes will result in a proper working DNS delegation. more»

The Internet of Things: Solving Security Challenges from the Fringe to the Core

News flash: to help fight California's drought, Samsung is offering a $100,000 prize to the innovator who creates "the most effective use of IoT and ARTIK [Samsung's IoT platform] technology for reducing water consumption by individuals or municipalities." When the average reader of this news headline needs no explanation of what "IoT" means or what this contest is about, we know IoT, or the Internet of Things, is for real. There are already an estimated 25 billion connected devices around the world, according to expert estimates. more»

The Longevity of the Three-Napkin Protocol

It is not often I go out to my driveway to pick up the Washington Post -- yes, I still enjoy reading a real physical paper, perhaps a sign of age -- and the headline is NOT about how the (insert DC sports team here) lost last night but is instead is about an IT technology. That technology is the Border Gateway Protocol (BGP), a major Internet protocol that has been around for more than a quarter century, before the Internet was commercialized and before most people even knew what the Internet was. more»

Hacking: Users, Computers, and Systems

As many people have heard, there's been a security problem at the Internal Revenue Service. Some stories have used the word hack; other people, though, have complained that nothing was hacked, that the only problem was unauthorized access to taxpayer data but via authorized, intentionally built channels. The problem with this analysis is that it's looking at security from far too narrow a perspective... more»

Phishing in the New gTLDs

The new Anti-Phishing Working Group (APWG) Global Phishing Survey has just been released. Written by myself and Rod Rasmussen of IID, the report is the "who, what, where, when, and why" look at phishing, examining the second half of 2014. The report has many findings, but here I'll concentrate on the new gTLDs. The second half of 2014 was when an appreciable number of new gTLDs entered general availability and started to gain market share. more»

Trust and Collaboration - Key Features for the Internet's Future

Last week, Columbia University's School of International and Public Affairs (SIPA), in collaboration with the Global Commission on Internet Governance (GCIG), hosted a conference on Internet governance and cybersecurity. The conference gathered a variety of experts to discuss issues pertaining to Internet governance, human rights, data protection and privacy, digital trade, innovation and security. more»

Diving Into the DNS

If you are at all interested in how the Internet's Domain Name System (DNS) works, then one of the most rewarding meetings that is dedicated to this topic is the DNS OARC workshops. I attended the spring workshop in Amsterdam in early May, and the following are my impressions from the presentations and discussion. What makes these meetings unique in the context of DNS is the way it combines operations and research, bringing together researchers, builders and maintainers of DNS software systems, and operators of DNS infrastructure services into a single room and a broad and insightful conversation. more»

News Briefs

US Army Site Hacked as Obama Vows 'Aggressive' Response to Cyberattacks

IPv6 Adoption Brings New Security Risks

Placing New Domain Names in Temporary "Penalty Box" Could Deter Malicious Use, Says Paul Vixie

Record Number of Malware Variants Detected in Q4 of 2014, Retail/Service Most Targeted

Research Finds Mobile Malware Infections Overblown

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Internet Society Issues Statement on Developing Cyber Security Policy Initiatives

UK Power Grid Under Minute-by-Minute Cyberattack

Symantec Chosen as Verification Agent for .bank and .insurance TLDs

A Survey of Internet Users from 24 Countries Finds 83% Consider Affordable Access Basic Human Right

DNS Based DDoS Attacks Using White House Press Releases

Group Announces Certificate Authority to Encrypt the Entire Web, Lunching in 2015

European Data Breaches Have Resulted in Loss of 645 Million Records Since 2004

A Look at the Security Collapse in the HTTPS Market

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

Google Announces Project Zero to Secure the Internet

DDoS Attacks Shutdown Several World Cup Websites

Popular RSS Reader Feedly Suffers Back to Back DDoS Attacks, Held for Ransom

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Sophia Bekele: The AUCC Debate on Cybersecurity Needs to Involve All Stakeholders

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Introducing the Verisign DNS Firewall

Verisign DNS Firewall is an easy-to-configure, cost effective managed cloud-based service that offers robust protection from unwanted content, malware and advanced persistent threats (APTs), delivered with the ability to customize filtering to suit an organization's unique needs. ›››

Verisign Named to the Online Trust Alliance's 2015 Honor Roll

Verisign is excited to announce that we made the Online Trust Alliance's (OTA) 2015 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the third consecutive year that Verisign has received this honor. ›››

3 Key Steps for SMBs to Protect Their Website and Critical Internet Services

The National Small Business Association (NBSA) recently released a report revealing that half of all small businesses have been the victim of a cyber-attack -- and the cost of dealing with these attacks has skyrocketed to $20,752 per attack. ›››

Key Considerations for Selecting a Managed DNS Provider

I spend a lot of time talking with customers about how they choose their managed DNS provider. In listening to their stories over the years, I have noticed that many of them use similar (if not identical) criteria to make this very important decision. ›››

Verisign Mitigates More DDoS Attacks in Q1 2015 than Any Quarter in 2014

Verisign has just released its Q1 2015 DDoS Trends Report, providing a unique view into the online distributed denial of service (DDoS) attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. ›››

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

By integrating intelligence from a customer's existing security defenses, Verisign OpenHybrid™ provides timely detection and restoration of services in the event of an attack, while providing increased visibility of DDoS threats across multiple environments such as private datacenters and public clouds. ›››

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Verisign has released its Q4 2014 DDoS Trends Report providing a unique view into DDoS attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. ›››

Industry Updates

Participants – Random Selection