-
Blogs
-
News
-
Industry
-
Community
-
Topics
A common security prediction for 2010 is the continued rise of malware and phishing attacks on mobile phones. The MarkMonitor Security Operations Center recently detected an interesting twist on this theme involving a popular smartphone and the latest smart technologies used by cybercriminals. In this case, instead of compromising a smartphone to steal its information, cybercriminals used phishing techniques to clone smartphones. more»
Maybe you saw the stories recently about comments that were made at a recent World Economic Forum debate on cyberwarfare. As one of them notes, Hamadoun Toure, Secretary General of the International Telecommunications Union, proposed a treaty in which countries would pledge not to attack each other without having been attacked. This post isn't about Mr. Toure's proposal. It's about a comment the story attributes to Craig Mundie, Chief Research and Strategy Officer for Microsoft. According to The Raw Story, Mundie "called for a `driver's license' for internet users." more»
The 2010 Domain Pulse, hosted by SWITCH (the .CH registry) was held in the snowy Swiss city of Luzern. Domain Name Security (DNS) was of particular importance in this year's meeting with DNSSEC being implemented in the root zone in 2010 by ICANN, and by many registries in the next few years. ICANN plan to have all root servers signed with DNSSEC by mid-2010 Kim Davies, Manager, Root Zone Services at ICANN told the meeting, starting with the L root server, then A root server with the last being the J root server as all are gradually signed. more»
I have previously pointed out the shortcomings of good and user friendly support for DNSSEC in Microsoft's Server 2008 R2. During the period just after I wrote the post, I had a dialogue with Microsoft, but during the last months there has been no word at all. The reason I bring this up again is that more and more Top Level Domains (TLDs) now enable DNSSEC and also the fact that within six months the root will be signed. more»
The Australian has a good article describing the efforts some of their ISPs are making in an attempt to clean up their act: the government is encouraging ISPs to detect computers on their network that are infected and part of botnets, and to communicate to the customer that their system is compromised... Unless the customer feels a little bit of pain they will not change their ways. more»
There have been a number of reports recently about customer lists leaking out through Email Service Providers (ESPs). In one case, the ESP attributed the leak to an outside hack. In other cases, the ESPs and companies involved have kept the information very quiet and not told anyone that data was leaked. People do notice, though, when they use single use addresses or tagged addresses and know to whom each address was submitted. Data security is not something that can be glossed over and ignored. more»
In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location. The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. more»
Is anyone calling espionage by means of computers cyber-espionage yet? I hope not. At least they shouldn't call it cyber war. Two news stories of computerized espionage reached me today. The first, regarding the Oil industry, was sent by Marc Sachs to a SCADA security mailing list we both read. The second, about the hotel industry, was sent by Deb Geisler to science fiction convention runners (SMOFS) mailing list we both read. more»
My main argument is about the policy of handling vulnerabilities for 6 months without patching (such as the Google attacks 0day apparently was) and the policy of waiting a whole month before patching this very same vulnerability when it first became an in-the-wild 0day exploit (it has now been patched, ahead of schedule). Microsoft is the main proponent of responsible disclosure, and has shown it is a responsible vendor... I simply call on it to stay responsible and amend its faulty and dangerous policies. more»
CERN put the Large Hadron Collider through some rigorous tests, and apparently at first some of the Siemens manufactured SCADA systems failed. While they are apparently better now, and I am happy to see how serious CERN is about security, this does beg the question... WAIT! You mean it's connected to the Internet? I suddenly don't feel so safe. more»
Copyright © 2002-2010 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
