Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Featured Blogs

An Open Letter to the Prime Minister of India, from Within India, Through an Internet Blog

Hon' Prime Minister, Why would India table Proposal 98 for the work of the ITU Plenipotentiary Conference? Contribution 98 wants the ITU to develop an IP address plan; wants it to be a contiguous IP address platform so as to enable the Governments to map and locate every Internet user; suggests that the ITU may coordinate the distribution of IP addresses accordingly; instructs the ITU Secretary General to develop policies for... naming, numbering and addressing which are [already] systematic, equitable... more»

DNSSEC Workshop Streaming Live From ICANN 51 On Wednesday, Oct 15

Want to learn about the state of DNSSEC usage in North America? Or what is new in DNS monitoring? Or where DNSSEC fits into the plans of operating systems? Or how DANE is being used to bring a higher level of security to email? All those questions and much more will be discussed at the DNSSEC Workshop at ICANN 51 happening on Wednesday, October 15, 2014, from 8:30 am to 2:45 pm Pacific Daylight Time (PDT, which is UTC-7). more»

.trust Technical Policy Launch

Whenever I examine the technical elements of the various Internet security certifications and standards that organisations are clamouring to achieve compliance against, I can't help but feel that in too many cases those businesses are prioritising the wrong things and wasting valuable resources. They may as well be following a WWI field guide on how to keep cavalry horses nourished and bayonets polished in a world of stealth aircraft and dirty bombs. more»

Some Observations from NANOG 62

NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting. .. One of the more memorable sides in this presentation was a reference to "map" drawn by Charles Minard in 1869 describing the statistics relating to the Napoleonic military campaign in Russia, and the subsequent retreat. more»

If Compliance Were an Olympic Sport

It probably won't raise any eyebrows to know that for practically every penetration tester, security researcher, or would-be hacker I know, nothing is more likely to make their eyes glaze over and send them to sleep faster than a discussion on Governance, Risk, and Compliance (i.e. GRC); yet the dreaded "C-word" (Compliance) is a core tenet of modern enterprise security practice. more»

Privacy and Security - Five Objectives

It has been a very busy period in the domain of computer security. With "shellshock", "heartbleed" and NTP monlink adding to the background of open DNS resolvers, port 445 viral nasties, SYN attacks and other forms of vulnerability exploits, it's getting very hard to see the forest for the trees. We are spending large amounts of resources in reacting to various vulnerabilities and attempting to mitigate individual network attacks, but are we making overall progress? What activities would constitute "progress" anyway? more»

Web Encryption - It's Not Just for E-Commerce, Anymore

Last week, I re-tweeted Cloudflare's announcement that they are providing universal SSL for their customers. I believe the announcement is a valuable one for the state of the open Internet for a couple of reasons: First, there is the obvious -- they are doubling the number of websites on the Internet that support encrypted connections. And, hopefully, that will prompt even more sites/hosting providers/CDNs to get serious about supporting encryption, too. Web encryption -- it's not just for e-commerce, anymore. more»

Cigarette Smuggling and Cyber Security: Low-Tech Crimes Fund High-Tech Threats

You may not connect the cheap cigarettes sold under the counter (or out of a trunk, bodega or by a street vendor) with the mysterious charges on your credit card that you don't remember making or the cash that has, somehow, just disappeared from your bank account. You also may not connect that website selling cheap cigarettes made in second and third world countries with Shellshock or whatever the fashionably scary cyber-threat of the day is when you're reading this. more»

Bashbleed - A Nasty Reminder Never to Forget Security 101

After the botched burglary at the Watergate Apartments, every scam and scandal that hit the headlines became a 'gate' -- Irangate, Contragate, you name it. The Heartbleed bug is possibly the closest thing to Watergate that this generation of computer security had seen till the past few days -- an exploit in a component that is "just there" -- something you utterly rely on to be there and perform its duties, and give very little thought to how secure (or rather, insecure) it might be. So, fittingly, every such catastrophic bug in an ubiquitous component is now a 'bleed'. more»

Credit Card Breaches a Salutary Lesson for DNSSEC Adoption

Maintaining an 150 year old house requires two things, a lot of time and a lot of trips to the hardware store. Since the closest hardware store to my house is Home Depot, it is rare that a weekend passes without at least one trip to Home Depot. So now in the wake of the Home Depot data breach I am through no fault of my own in a situation where any or all of the bank cards I use regularly could be cancelled if the issuer decides they might be compromised. And this is not the first time this has happened to me this year. more»