Security

Topic Feed

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

— Danny McPherson
Chief Security Officer for Verisign June 09, 2011  /  Comments: 0  /  Views: 3,146

Security / Featured Blogs

Chinese Hackers and Cyber Realpolitik

Dec 16, 2011

For many people the comments made by Michael Hayden, Former Director of the Central Intelligence Agency, at this week's Black Hat Technical Security Conference in Abu Dhabi may have been unsettling as he commented upon the state of Chinese cyber espionage. I appreciate the candor of his observations and the distinction he made between state-level motivations. In particular, his comment... more»

2012 Security Predictions: APT's, Mobile Malware and Botnet Takedowns

Dec 14, 2011

As the weeks remaining in 2011 dwindle and 2012 peaks out from behind the last page of the calendar, it must once again be that time of year for purposeful reflection and prediction. Or is that navel gazing and star gazing? At the highest level of navel gazing you could probably sum up 2011 with one word -- "More"... But let's put that aside for now. What does 2012 hold in stall for us? more»

Greylisting Still Works - Part II

Dec 09, 2011

In my last post I blogged about greylisting, a well-known anti-spam technique for rejecting spam sent by botnets. When a mail server receives a an attempt to deliver mail from an IP address that's never sent mail before, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail senders always retry, badly written spamware often doesn't. I found that even though everyone knows about greylisting, about 2/3 of IPs don't successfully retry. more»

Greylisting Still Works - Part I

Dec 09, 2011

Greylisting is a hoary technique for rejecting spam sent by botnets and other poorly written spamware. When a mail server receives an attempt to deliver mail from a hitherto unseen sending host IP address, it rejects the message with a "soft fail" error which tells the sender to try again later. Real mail software does try again, at which point you note that the host knows how to retry and you don't greylist mail from that IP again. more»

Security, Privacy Issues and USB Drives

Dec 08, 2011

In an article on CSO.com.au a report from Sophos Australia is reported on. The anti-virus software company had bought 50 usb drives for analyses at a public transport auction of devices left on the Sydney trains. When they wrote that 66% was infected with malware, I presumed that they were left behind consciously, but were they? more»

DNSSEC Update from ICANN 42 in Dakar

Nov 30, 2011

While the global rollout of DNSSEC continues at the domain name registry level - with more than 25% of top-level domains now signed - the industry continues to focus on the problem of registrar, ISP and ultimately end-user adoption. At the ICANN meeting in Dakar in late October, engineers from some of the early-adopting registries gathered for their regular face-to-face discussion about how to break the "chicken or egg" problems of secure domain name deployment. more»

2012: The Year of Securing Websites?

Nov 28, 2011

In a seemingly never-ending row of news on hacks of websites now the news in which 2.3 million individual cases of privacy sensitive data were accessible through a leak in the websites of most public broadcasting stations in the Netherlands. To make the news more cheerful, the accessible data was, if compiled, sufficient to successfully steal a complete identity. What were thoughts that came to my mind after hearing this news on Friday? more»

Brazil: The Newest Up and Comer

Nov 23, 2011

The Virus Bulletin Conference last month had some good presentations, including this one by Fabio Assolini of Kaspersky. He spoke about how Brazil is the the newest up-and-comer on the cyber crime block. The tale begins with the story of Igor and Emily, two cyber criminals operating out of Brazil. Together, the two of them stole $300,000 US from a single Brazilian bank in one year. more»

Water Supply System Apparently Hacked, with Physical Damage

Nov 18, 2011

According to press reports, a water utility's SCADA network was hacked. The attacker turned a pump on and off too much, resulting in physical damage to the pump. ... For years, security specialists have been warning that something like this could happen. Although more and more people have started to believe it, we still hear all of the usual reassuring noises -- the hackers don't know enough, we have defenses, there are other safeguards, etc. That debate is now over... more»

What Chinese DDoS Malware Looks Like

Nov 16, 2011

While at that same Virus Bulletin conference that I was talking about earlier in my other post, I also had the chance to check out a session on Chinese DDoS malware put on by some folks from Arbor Networks. As little insight as I have into Android malware, I know even less about Chinese DDoS malware. So what's Chinese DDoS malware like? What are its characteristics? more»

Industry Updates

MarkMonitor to Exhibit at Internet Tech Policy Exhibition and Reception to be Held on Capitol Hill

Verisign to Award New Infrastructure Research Grants

Nixu SNS 2.5 Series Gives Fresh Views on DNS

Neustar Names Joe Pasqua to Head Neustar Labs

Q3 2011 Fraud Intelligence Report

The Spookiest DDoS Attacks in History

Protecting Your Business from DDoS Attacks: Advice from Neustar

A Different Kettle of Phish

Introduction to Nixu Software: End-to-End Software-Based DNS, DHCP, IPAM Solutions for Your Network

MarkMonitor Fraud Intelligence Report Released for Q2 2011

President Obama Names Neustar President and CEO Lisa Hook to NSTAC

Verisign's Matt Larson Wins 2011 InfoWorld Technology Leadership Award

Internet Adds 4.5 Million Domain Names in First Quarter of 2011

Businesses Lack Safeguards Against DDoS Attacks and DNS Failures, New Research Shows

Q1 2011 Fraud Intelligence Report

View More