Internet security is the prevention of unauthorized access and/or damage to computer systems via internet access. Internet security practices are primarily focused in four major areas: penetration testing, intrusion detection, incidence response, and legal compliance. Read the full background at Security Wikipedia
If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC... more»
Apple's Wordwide Developers Conference may have just ended, but already, the conference release of Mac's OS X 10.6 — a beta build previewed for developers — has been leaked onto torrent sites. It borders on irony: for years, Mac lovers have touted the superior security of the Mac operating system over Windows, but earlier this year, it was torrent sites — the very sites where OS X 10.6 is now being freely copied — that caused more than 25,000 Mac users to fall victim to the iServices Trojan. Some Macs never learn. more»
I'm interested in CircleID community's take on NeuStar's recent announcement of Cache Defender. While only effective for domains the company is authoritative for, that does cover a large number of big Internet brands and financial institutions. Why wouldn't an ISP deploy this now, while waiting for all the myriad issues involved in DNSSEC to be resolved? more»
As I've been getting ready to catch my plane for ICANN 35 (Sydney), I can't help but thinking that there are a lot of things going down these days that will dramatically affect makeup of the Internet for years to come. Next year at this time, the root could be a very, very different place. A few of the items that will be getting deconstructed, discussed, debated Down Under are outlined below... more»
Phishing, stealing personal information by impersonating a trusted organization, is a big problem that's not going away. Most antiphishing techniques to date have attempted to recognize fake e-mail and fake web sites, but this hasn't been particularly effective. A more promising approach is to brand the real mail and real web sites. more»
There's a pernicious meme floating around that DomainKeys Identified Mail (DKIM) doesn't work with discussion lists, particularly those hosted on common open source software packages like MailMan. It's particularly odd to see this claim after I set it up successfully on a stock Debian server in less than half an hour, just a few weeks ago. Here's how it can, should, and does work. more»
Seventy-five years ago today, on May 29th, 1934, Egyptian private radio stations fell silent, as the government shut them down in favor of a state monopoly on broadcast communication. Egyptian radio "hackers" (as we would style them today) had, over the course of about fifteen years, developed a burgeoning network of unofficial radio stations... It couldn't last. After two days of official radio silence, on May 31st, official state-sponsored radio stations (run by the Marconi company under special contract) began transmitting a clean slate of government-sanctioned programming, and the brief era of grass-roots Egyptian radio was over... more»
A few months ago, I made a post about IPv6 security. I've caught some flak for saying that IPv6 isn't a security issue. I still stand by this position. This is not to say that you should ignore security considerations when deploying IPv6. All I claim is that deploying IPv6 in and of itself does not make an organization any more or less secure. This point was made by Dr. Joe St. Sauver, of the University of Oregon... more»
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more»
A US District Judge in Maine largely granted a motion to dismiss brought by Hannaford in a big data breach case... According to the court, around March 2008, third parties stole up to 4.2 million debit and credit card numbers, expiration dates, security codes, PIN numbers, and other information relating to cardholders "who had used debit cards and credit cards to transact purchases at supermarkets owned or operated by Hannaford." more»
MarkMonitor, the global leader in enterprise brand protection, today released the company's latest Brandjacking Index that studies how fraudsters are abusing major financial brand names and topical subjects like refinancing or unemployment to lure unsuspecting consumers to questionable websites. ›››
This vulnerability, brought to public attention last year by security researcher Dan Kaminsky, allows criminal elements to engage in "DNS cache poisoning" for the malicious hijacking of domain names and results in consequent damage from large-scale identity theft, among other illegal activities. ›››
The Internet Corporation for Assigned Names and Numbers (ICANN) has recently released a number of important documents. This post includes brief synopses of these newly released documents. ›››
Today, .ORG, The Public Interest Registry, the company behind the .ORG domain name, is the first open generic Top-Level Domain to successfully sign the .ORG zone file with Domain Name Security Extensions (DNSSEC). To date, the .ORG zone is the largest domain registry to implement the security measure. ›››
The DNSSEC Industry Coalition Symposium is announced today in collaboration with Google, Nominum, Inc. and ICANN and will be held June 11-12, 2009, in Washington, DC. The purpose will be to discuss and identify potential and perceived issues with the Domain Name System (DNS) and DNSSEC deployment due to signing the DNS root zone. ›››
MarkMonitor today announced that SPIL GAMES, the world's ultimate online game destination, will be using MarkMonitor Domain Management to centrally manage SPIL GAMES' key domains. ›››
MarkMonitor, the global leader in enterprise brand protection, today announced Facebook has selected MarkMonitor AntiFraud Solutions to supplement its own in-house security efforts in protecting users against malware attacks. ›››
MarkMonitor announces AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. Service leverages the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands. ›››
DNSstuff.com has announced in partnership with Trusteer that it is offering Rapport, a tool that protects your transactions from being tampered with and private information from being stolen, through its website, dnsstuff.com.
Rapport is an easy-to-use browser plug-in that provides users with a secure connection to any online site they log into, protecting their most valuable online assets — login credentials. ›››
MarkMonitor has announced AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. MarkMonitor AntiFraud Solutions leverage the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands.
›››