Security

Topic Background
Topic Feed

Internet security is the prevention of unauthorized access and/or damage to computer systems via internet access. Internet security practices are primarily focused in four major areas: penetration testing, intrusion detection, incidence response, and legal compliance. Read the full background at Security Wikipedia

Extra Feeds & Services »

Security / Featured Blogs

Localizing Cybercrime

Nov 28, 2008

It's where you advertise your services, and how you position yourself that speak for your intentions, of course, "between the lines". There's a common misunderstanding that in order for a malware campaigner or scammer to launch a localized attack, they need to speak the local language. This misconception is largely based on the fact that a huge number of people remain unaware on how core strategic business practices have been in operation across the cybercrime underground for the last couple of years. more»

Why DNS is Broken, in Plain English

Nov 13, 2008

At ICANN's meeting in Egypt last week, I had the opportunity to try and explain to various non-technical audiences why the Domain Name System (DNS) is vulnerable to attack, and why that is important, without needing a computer science degree to understand it. Here is the summary. more»

The Harsh Reality of Spam and Online Security… Should I Stay or Should I Go?

Nov 13, 2008

Working in the anti-spam and online malware fight can be depressing or at best invoke multiple personality disorder. We all know things are bad on the net, but if you want a dose of stark reality, check out Brian Kreb's fantastic 'Security Fix' blog on the Washington Post site... Speaking to an old friend who asked me what I was doing these days, I recently likened the fight against this relentless onslaught to having one's pinky in a dyke, and there are days when I don't even think we have a dyke! more»

Proposal for Signing the DNSSEC Root

Nov 13, 2008

The U.S. National Telecommunications and Information Administration (NTIA) is soliciting comments on signing the DNSSEC root. Ignore the caption on the page: this is not about DNSSEC deployment, which is already happening just fine. It's about who gets to sign the root zone. more»

More on 'Researchers Hijack Storm Worm to Track Profits'

Nov 10, 2008

Always good for information on the spam economy, Brian Krebs of the Washington Post has just published a truly fascinating article: Researchers Hijack Storm Worm to Track Profits. Bottom line: a one-in-twelve-million conversion rate of spam to sales seems to be enough to keep the spam economy going. The article covers a project by researchers at UC San Diego and UC Berkeley, who managed to infiltrate the Storm Worm bot network and take over a small portion of it. more»

Domain Slammers Go Phishing

Oct 30, 2008

ICANN introduced a requirement for domain name registrars to send out annual notices to all their customers (registrants) to check the Whois on their domain names to ensure the information is correct. While this seemed fairly reasonable (if cumbersome), the fact is it confuses the heck out of people -- and creates a whole lot of confusion for registrants. But that was a problem we could deal with. Fast-forward to October, 2008... more»

Phishing Registrar Accounts: eNom is First Target

Oct 29, 2008

Criminals are now looking to use established domain names, via phishing targeted at domain registrars. This is possibly related to ICANN finally moving to stop the black hat registrars of the world. According to the first report on the matter sent yesterday to Registrar Operations (reg-ops) mailing list, the attacks seem to be run by gang of child pornography spammers. more»

Compromised Portfolios of Legitimate Domain Names for Sale

Oct 24, 2008

Is the demand for access to compromised legitimate portfolios of domain names -- where the price is based on the pagerank and is shaped by the number of domains in question -- the main growth factor for the increasing supply of such stolen accounting data? Or is it the result of cybercriminals data mining their botnets for accounting data that would provide them with access to such portfolios of high trafficked domains with clean reputation? more»

Co-Operation to Make the Domain Business More Secure

Oct 24, 2008

In order to provide more security for the Domain Name System (DNS), a group of large domain-name registries and registrars has got together with IT security providers and government agencies to launch a new workgroup: the "Registry Internet Safety Group" (RISG). The announcement was made by the Public Internet Registry, which operates the .org domain, and its backend provider Afilias. more»

Massive SQL Injection Attacks: The Chinese Way

Oct 22, 2008

From copycats and "localizers" of Russian web malware exploitation kits, to suppliers of original hacking tools, the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale. They are either filling the niches left open by other international communities, or coming up with tools and setting new benchmarks for massive SQL injection attacks. more»

Industry Updates

DNSSEC FUD Buster: DNSSEC is Not Necessary?

Nov 06, 2008

.ORG, The Public Interest Registry is pleased to announce the next guest blogger for our DNSSEC FUD Buster series. Ram Mohan is the Executive Vice President, & Chief Technology Officer of Afilias Limited. Ram has led the strategic growth initiatives at Afilias Limited in registry services and security as well as new product sectors such as RFID/Auto-ID, global DNS and Internationalized Domain Names (IDNs). ›››

  • By PIR
  • Views: 671

DNSSEC "FUD" Buster: Don't Panic

Oct 27, 2008

.ORG, The Public Interest Registry is pleased to announce of first guest blogger for our DNSSEC FUD series. John Kristoff works as a research analyst for Team Cymru, a Internet Security Research company based in Chicago specializing in the 'who' and the 'why' of Internet crime. ›››

  • By PIR
  • Views: 621

PIR Announces Formation of Registry Internet Safety Group

Oct 22, 2008

The Registry Internet Safety Group (RISG) is a global group of responsible Internet related companies whose mission is to work collaboratively to combat Internet identity theft. Even though RISG is uniquely Registry focused, it includes both gTLD and ccTLD members. RISG is intended to complement and not duplicate existing Internet security efforts. ›››

  • By PIR
  • Views: 775

.ORG Talks with Dan Kaminsky on DNSSEC

Oct 01, 2008

The following post is based on a recent discussion .ORG had with Dan Kaminsky, a DNS expert best know for discovering a serious DNS bug, about DNSSEC and how it is a critical step toward bolstering Internet security. ›››

  • By PIR
  • Views: 1,240

blinkx Video Search Engine Selects UltraDNS Managed DNS Services

Sep 15, 2008

World's largest and most advanced video search engine, has chosen NeuStar's UltraDNS Managed DNS Services to augment the performance, reliability, and scalability of the blinkx network infrastructure and to take advantage of NeuStar's innovative suite of traffic management services. ›››

.ORG Applauds US Government on DNSSEC

Aug 29, 2008

.ORG applauds the US Government's decision last week to require all users of the .GOV domain to implement DNSSEC, and even more importantly, to sign the .GOV root. .ORG is the first generic Top Level Domain authorized by ICANN to implement DNSSEC, and we are hard at work putting together a comprehensive plan to roll it out. ›››

  • By PIR
  • Views: 1,667

nugg.ad Selects NeuStar's UltraDNS Services

Aug 26, 2008

nugg.ad, a German company based in Berlin that provides an application service provider (ASP) solution for predictive behavioral targeting, has chosen NeuStar's UltraDNS Managed Services to bolster the scalability and reliability of nugg.ad's DNS infrastructure. ›››

On the Pressing Need for a Signed Root

Aug 18, 2008

Attacks on the security of the Internet have been much in the news lately, and there is an increased urgency to take the technical steps to combat these attacks. .ORG has been doing its part to lead this process by taking introductory steps to implement DNSSEC (Domain Name System Security Extensions)... In order to make DNSSEC effective, there is one additional step that is needed -- "signing the root". ›››

  • By PIR
  • Views: 1,559

.ORG Becomes the First Generic Top level Domain to Start DNSSEC Implementation

Jul 21, 2008

A request by .ORG, The Public Interest Registry to bolster Internet security via the implementation of Domain Name Security Extensions (DNSSEC) was unanimously approved by ICANN at the recent Paris meeting. As the first generic Top Level Domain authorized to implement DNSSEC, .ORG also is preparing an education and adoption plan within the Internet infrastructure community. ›››

  • By PIR
  • Views: 1,953

Hostway Upgrades Managed Firewall Selection and Offers 10% Off as well as Free Setup

Jun 12, 2008

Hostway has launched a new line of managed Cisco ASA 5500 firewall solutions for dedicated servers. Customers ordering before June 30, 2008 save 10% off the monthly fee for life, plus free setup. ›››

View More

Advertise  |  About IDG TechNetwork  |  Become a Member Site  |  Privacy Policy