Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Featured Blogs

If It Doesn't Exist, It Can't Be Abused

A number of outlets have reported that the U.S. Post Service was hacked, apparently by the Chinese government. The big question, of course, is why. It probably isn't for ordinary criminal reasons: The intrusion was carried out by "a sophisticated actor that appears not to be interested in identity theft or credit card fraud," USPS spokesman David Partenheimer said. ... But no customer credit card information from post offices or online purchases at usps.com was breached, they said. more»

Secure Unowned Hierarchical Anycast Root Name Service - And an Apologia

In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more»

Customer Confusion over New(ish) gTLDs Targeting Financial Services

For the last decade and a bit, banking customers have been relentlessly targeted by professional phishers with a never-ending barrage of deceitful emails, malicious websites and unstoppable crimeware -- each campaign seeking to relieve the victim of their online banking credentials and funds. In the battle for the high-ground, many client-side and server-side security technologies have been invented and consequently circumvented over the years. Now we're about to enter a new era of mitigation attempts... more»

New MANRS Initiative Aims to Improve Security of Internet Routing

How can we work together to improve the security and resilience of the global routing system? That is the question posed by the "Routing Resilience Manifesto" site with the suggested answer launched today of the "Mutually Agreed Norms for Routing Security (MANRS) document, to which a number of network operators have already signed on as participants, including: Comcast, Level 3, NTT, RUNNet, ClaraNet, SURFnet, SpaceNet, KPN and CERNET. more»

Scaremongering from Spy Agents

In an article for the Financial Times, Mr Hannigan -- the chief of the British spy agency GCHQ said: "I understand why they [US technology companies] have an uneasy relationship with governments. They aspire to be neutral conduits of data and to sit outside or above politics." "But increasingly their services not only host the material of violent extremism or child exploitation, but are the routes for the facilitation of crime and terrorism."... more»

An Open Letter to the Prime Minister of India, from Within India, Through an Internet Blog

Hon' Prime Minister, Why would India table Proposal 98 for the work of the ITU Plenipotentiary Conference? Contribution 98 wants the ITU to develop an IP address plan; wants it to be a contiguous IP address platform so as to enable the Governments to map and locate every Internet user; suggests that the ITU may coordinate the distribution of IP addresses accordingly; instructs the ITU Secretary General to develop policies for... naming, numbering and addressing which are [already] systematic, equitable... more»

DNSSEC Workshop Streaming Live From ICANN 51 On Wednesday, Oct 15

Want to learn about the state of DNSSEC usage in North America? Or what is new in DNS monitoring? Or where DNSSEC fits into the plans of operating systems? Or how DANE is being used to bring a higher level of security to email? All those questions and much more will be discussed at the DNSSEC Workshop at ICANN 51 happening on Wednesday, October 15, 2014, from 8:30 am to 2:45 pm Pacific Daylight Time (PDT, which is UTC-7). more»

.trust Technical Policy Launch

Whenever I examine the technical elements of the various Internet security certifications and standards that organisations are clamouring to achieve compliance against, I can't help but feel that in too many cases those businesses are prioritising the wrong things and wasting valuable resources. They may as well be following a WWI field guide on how to keep cavalry horses nourished and bayonets polished in a world of stealth aircraft and dirty bombs. more»

Some Observations from NANOG 62

NANOG 62 was held at Baltimore from the 6th to the 9th October. These are my observations on some of the presentations that occurred at this meeting. .. One of the more memorable sides in this presentation was a reference to "map" drawn by Charles Minard in 1869 describing the statistics relating to the Napoleonic military campaign in Russia, and the subsequent retreat. more»

If Compliance Were an Olympic Sport

It probably won't raise any eyebrows to know that for practically every penetration tester, security researcher, or would-be hacker I know, nothing is more likely to make their eyes glaze over and send them to sleep faster than a discussion on Governance, Risk, and Compliance (i.e. GRC); yet the dreaded "C-word" (Compliance) is a core tenet of modern enterprise security practice. more»