Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

Internet Security Marketing: Buyer Beware

As security breaches increasingly make headlines, thousands of Internet security companies are chasing tens of billions of dollars in potential revenue. While we, the authors, are employees of Internet security companies and are happy for the opportunity to sell more products and services, we are alarmed at the kind of subversive untruths that vendor "spin doctors" are using to draw well-intentioned customers to their doors. Constructive criticism is sometimes necessarily harsh, and some might find the following just that, harsh. But we think it's important that organizations take a "buyers beware" approach to securing their business. more»

Is Upping the Minimum Wage Good for the Information Security Industry?

The movement for upping the minimum wage in the US is gathering momentum. Protests and placard waving are on the increase, and the quest for $15 per hour is well underway. There are plenty of arguments as to why such a hike in minimum wage is necessary, and what the consequences could be to those businesses dependent upon the cheapest hourly labor. But, for the information security industry, upping the minimum wage will likely yield only good news. more»

Starting a New Conversation on Cybersecurity

The cybersecurity debate can be highly confusing at times. There is perhaps an analogy to be made between "Cybersecurity" and "The Economy". We all want to fix the economy but making progress is not an easy task. As soon as you are beyond that statement you notice that there is a lot of nuance. Issues like trust, influence, actors, and affectivity all come to play when you want to fix the Economy. The cybersecurity discourse has similar features. more»

DNS-Based DDoS: Diverse Options for Attackers

Denial of service attacks have been around since the Internet was commercialized and some of the largest attacks ever launched relied on DNS, making headlines. But every day a barrage of smaller DNS-based attacks take down targets and severely stress the DNS ecosystem. Although DNS servers are not usually the target of attacks they are often disrupted so attention from operation teams is required. There is no indication the problem is going away and attackers continue to innovate. more»

Cyptech Needs You!

In August of last year I wrote in a blog about the importance of cryptech to wide-scale trust in the Internet. For those who don't know about it, http://cryptech.is is a project aiming to design and deploy an openly developed, trustable Hardware Security Module (HSM) which can act both as a keystore (holding your secrets and keeping them private) and as a signing engine. more»

Back from RightsCon Manila: Trading Freedoms for Security?

In Asia -- a region that at various points in its recent history has been a hotbed for civil unrest, secessionist movements and political instability -- the line between national security and public interest can be difficult to draw. A session organised by the Internet Society at the recently held RightsCon Southeast Asia in Manila shed some light on the perceived trade-offs between national security objectives and digital rights, in particular freedom of expression and privacy. more»

Deadline of April 10 to Apply For CARIS Workshop on Coordinating Response to Internet Attacks

You have just a couple of days to either complete a survey or submit a paper to join the "Coordinating Attack Response at Internet Scale (CARIS)" Workshop happening on June 19, 2015, in Berlin, Germany... If you are interested in helping improve the overall security and resilience of the Internet through increased communication between the groups responding to the large-scale attacks happening on the Internet every day, I would strongly encourage you to apply! more»

Driving Force Behind Mobile Connect Initiative

Increased pressure is being exerted in different parts of the industry to create a more secure and a more private environment for a range of mobile activities. Whether it is women in developing economies who need to be certain that their communication is kept private, especially in relation to their husband and male relatives, or the 100 million users, mainly in developing economies, which rely heavily on mobile payments; there are now 16 countries that have more citizens with mobile bank accounts than the traditional ones. more»

IPv6 Security Myth #10: Deploying IPv6 is Too Risky

After a quick break to catch our breath (and read all those IPv6 Security Resources), it's now time to look at our tenth and final IPv6 Security Myth. In many ways this myth is the most important myth to bust. Let's take a look at why... Myth: Deploying IPv6 Makes My Network Less Secure... I can hear you asking "But what about all those security challenges we identified in the other myths?" more»

Internet Governance Survey: What You Told Us

What do people perceive to be the top issues facing the Internet today? How can stakeholders work more effectively together to strengthen the governance mechanisms meant to address these issues? And when it comes to the Internet Society, what should our role be and where should we focus our attention? To help inform our work in Internet governance, we posed these and other questions to our community in February. We had an overwhelming response with over 800 people taking a few minutes of their time to answer our survey. more»

Join Live On Sunday - 2nd Registration Operations Workshop (ROW) In Dallas

This Sunday, March 22, 2015, the second Registration Operations Workshop (ROW) will be taking place at the Fairmont Dallas hotel from 12:30 -- 4:30 pm CDT. Discussion will include extensions to EPP, new encryption initiatives and also suggestions for ways to further automate DNS interactions between registries, registrars and DNS operators, including a need to do this for DNSSEC. more»

Is DNSSEC Worth the Effort?

A blog post has created some attention online through its extremely negative attitude to DNSSEC. Through the years, I have come in contact with many arguments against DNSSEC that suggest that anyone who is critical has not managed to or wanted to familiarize themselves with what DNSSEC is and does. We have received many questions concerning the article, so I feel it's appropriate to respond to the criticism. more»

Why the 1# Vulnerability for Cyber Attacks Will Be Apathy

Everyone has heard of the cyber security attacks on Target (2013), Home Depot (2014), Neiman Marcus (2014), Sony Pictures (2014), and the United States' second-largest health insurer, Anthem (reported February 2015), but have you heard of the security breaches for Aaron Brothers, Evernote (denial of service attack), P.F. Chang's China Bistro, Community Health Services, Goodwill Industries, SuperValu, Bartell Hotels, Dairy Queen, U.S. Transportation Command contractors, and more. more»

IPv6 Security Myth #9: There Aren't Any IPv6 Security Resources

We are approaching the end of this 10 part series on the most common IPv6 security myths. Now it's time to turn our eyes away from security risks to focus a bit more on security resources. Today's myth is actually one of the most harmful to those who hold it. If you believe that there is no good information out there, it's nearly impossible to find that information. So let's get down to it and dispel our 9th myth. more»

Coordinating Attack Response at Internet Scale

How do we help coordinate responses to attacks against Internet infrastructure and users? Internet technology has to scale or it won't survive for long as the network of networks grows ever larger. But it's not just the technology, it's also the people, processes and organisations involved in developing, operating and evolving the Internet that need ways to scale up to the challenges that a growing global network can create. more»

News Briefs

Research Finds Mobile Malware Infections Overblown

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Internet Society Issues Statement on Developing Cyber Security Policy Initiatives

UK Power Grid Under Minute-by-Minute Cyberattack

Symantec Chosen as Verification Agent for .bank and .insurance TLDs

A Survey of Internet Users from 24 Countries Finds 83% Consider Affordable Access Basic Human Right

DNS Based DDoS Attacks Using White House Press Releases

Group Announces Certificate Authority to Encrypt the Entire Web, Lunching in 2015

European Data Breaches Have Resulted in Loss of 645 Million Records Since 2004

A Look at the Security Collapse in the HTTPS Market

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

Google Announces Project Zero to Secure the Internet

DDoS Attacks Shutdown Several World Cup Websites

Popular RSS Reader Feedly Suffers Back to Back DDoS Attacks, Held for Ransom

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Sophia Bekele: The AUCC Debate on Cybersecurity Needs to Involve All Stakeholders

European Standardization Organizations Discuss Role of Standards for EU Cybersecurity Strategy

US House Hearing Scheduled on Internet Stability, IANA Transition

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

Widespread Compromised Routers Discovered With Altered DNS Configurations

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Verisign OpenHybrid for Corero and Amazon Web Services Now Available

By integrating intelligence from a customer's existing security defenses, Verisign OpenHybrid™ provides timely detection and restoration of services in the event of an attack, while providing increased visibility of DDoS threats across multiple environments such as private datacenters and public clouds. ›››

Public Sector Experiences Largest Increase in DDoS Attacks (Verisign's Q4 2014 DDoS Trends)

Verisign has released its Q4 2014 DDoS Trends Report providing a unique view into DDoS attack trends from mitigations on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services, and the security research of iDefense Security Intelligence Services. ›››

Help Ensure the Availability and Security of Your Enterprise DNS with Verisign Recursive DNS

This new cloud-based recursive DNS service leverages Verisign's global, securely managed DNS infrastructure to offer the performance, reliability and security that enterprises demand when securing their internal networks and that communications safely and securely reach their intended destinations. ›››

Verisign iDefense 2015 Cyber-Threats and Trends

Here is an overview of the key cyber security trends we expect to see in 2015. The majority of this year's threats and trends reflect research on iDefense's core focus areas of cyber-crime, cyber espionage and hacktivism. ›››

What's in Your Attack Surface?

The concept of "attack surface" has been batted around in the security community for a long time. At a high-level, we all get the gist of it: the more exposed a system is to attackers (attack surface) the more risk it is probably exposing to those who depend on it, but what does that mean? ›››

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

Verisign just released its Q3 2014 DDoS Trends Report, which details observations and insights derived from distributed denial of service attack mitigations enacted on behalf of, and in cooperation with, customers of Verisign DDoS Protection Services from July through September of this year. ›››

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Andrew G. West, a Research Scientist in Verisign Labs, along with collaborator and U.S. Naval Academy professor Adam J. Aviv examined nearly 900 million user-submitted URLs to gauge the prevalence and severity of privacy leaks. ›››

Industry Updates

Participants – Random Selection