Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Featured Blogs

M3AAWG Offers Some Sensible Password Advice

M3AAWG is a trade association that brings together ISPs, hosting providers, bulk mailers, and a lot of infrastructure vendors to discuss messaging abuse, malware, and mobile abuse. (Those comprise the M3.) One of the things they do is publish best practice documents for network and mail operators, including two recently published, one on Password Recommendations for Account Providers, and another on Password Managers Usage Recommendations. more»

Understand More, Fear Less: Will G20 Be Able to Contribute to an Internet Future with a Human Face?

Last week, the G20's ministers responsible for the digital economy met in Düsseldorf to prepare this year's G20 summit, scheduled for Hamburg, July 2017. Building on important strides initiated two years ago during the G20 summit in Antalya and based on the G20 Digital Economy Development and Cooperation Initiative (DEDCI), which was adopted last year under the Chinese G20 presidency, the Düsseldorf meeting adopted a "G20 Digital Economy Ministerial Declaration" which also includes a "Roadmap for Digitalisation". One day before the ministerial meeting, non-state actors were invited to discuss "Policies for a Digital Future" within a so-called Multistakeholder Conference. more»

While Cyberspace Is Entering an Era of Warring States, There Remains a Chance to Make a Difference

For the non-state actors who are making efforts to approach cybersecurity issue in a different and creative way, the state actors, however, have given clear signs that they have exhausted their patience and insisted on doing things alone by bringing traditional old tricks back into cyberspace. This is exemplified in the bilateral meeting of two cyber sovereigntists - the Chinese and U.S. presidents on April 6-7, and in the multilateral G7 Declaration on Responsible States Behavior in Cyberspace on April 11. more»

Encryption and Securing Our Digital Economy

As G20 leaders from around the world gather this week, Germany wants them to agree to a concrete plan -- one that includes affordable Internet access across the world by 2025, common technical standards and a focus on digital learning. Today, the G20 economies, like so many other economies around the world, are digital and interconnected. Digital services have opened up new avenues for sustainable economic growth. more»

Use STIX to Block Robocalls

It is one of those oddities that occurs around Washington from time to time. During the same hour today, the Federal Communications Commission (FCC) was meeting at its downtown headquarters trying to stop robocalls, while a large gathering of government and industry cybersecurity experts were meeting a few miles away at Johns Hopkins Applied Physics Lab advancing the principal means for threat information sharing known as STIX. more»

ICANN Complaint System Easily Gamed

ICANN's WDPRS system has been defeated. The system is intended to remove or correct fraudulently registered domains, but it does not work anymore. Yesterday I submitted a memo to the leadership of the ICANN At-Large Advisory Committee (ALAC) and the greater At-Large community. The memo concerns the details of a 214-day saga of complaints about a single domain used for trafficking opioids. more»

Google Claims It Fixed the Security Holes the CIA Exploited

WikiLeaks shook the internet again on March 7, 2017, by posting several thousand documents containing information about the tools the CIA allegedly used to hack, among others, Android and iOS devices. These classified files were obtained from the CIA's Center for Cyber Intelligence, although they haven't yet been verified and a CIA official declined to comment on this incident. This isn't the first time that the U.S. government agencies were accused of crossing the line and undermining online security and civil liberties, as it's been only a year since the infamous FBI-Apple encryption dispute. It's like "1984" all over again. more»

And the Wait Continues for .Corp, .Home and .Mail Applicants

On 6 March 2017, ICANN's GDD finally responded to an applicant letter written on 14 August 2016 to the ICANN Board. This was not a response from the ICANN Board to the letter from 2016 but a response from ICANN staff. The content of this letter can best be described as a Null Response. It reminded the applicants that the Board had put the names on hold and was still thinking about what to do. more»

The Internet as Weapon

One of the most striking and enduring dichotomies in the conceptualization of electronic communication networks is summed up in the phrase "the Internet as weapon." With each passing day, it seems that the strident divergence plays in the press -- the latest being Tim's lament about his "web" vision being somehow perverted. The irony is that the three challenges he identified would have been better met if he had instead pursued a career at the Little Theatre of Geneva and let SGML proceed to be implemented on OSI internets rather than refactoring it as HTML to run on DARPA internets. more»

WikiLeaks' Vault 7: CIA Gives a Free Lesson in Personal Cyber Security

WikiLeaks' newly released Vault 7 trove is a tantalizing study in how one of the world's premiere intelligence agencies hacks devices. Analysts and experts have signaled that this leak appears authentic based on some clues in the content. But while it may ultimately be comparable in size to the Snowden or Manning leaks, it lacks the "wow" factor that made those landmark whistleblowing cases so important. What lessons are to be learned from the leaks, and how should we apply them to our personal digital lives? more»