IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.The Internet Society has released an announcement setting out its views on the development of policy to address the balance between security and privacy. From an Internet perspective and in the context of the growing threat vector from hacking, targeted cyber attacks on networks and individuals, and surveillance, the Internet Society's approach to the development of cyber security policy initiatives is based on the following key considerations. more»
A senior government figure says that the UK's power grid is under "minute-by-minute" attacks from computer hackers but information security experts aren't so sure. Conservative MP James Arbuthnot chaired the Defence Select Committee up until last year and said that the National Grid is facing cyberattacks every minute. He plans to visit the National grid next month to discuss the issue. more»
fTLD Registry Services, LLC has announced an agreement with Symantec Corporation to provide verification services for the ".bank" and ".insurance" generic top-level domains. According to the report, Symantec will be responsible for adding a layer of protection to the new domains by verifying the eligibility of companies requesting domain names, making sure the person requesting the domain name is authorized by the company and ensuring the name requested by the company complies with fTLD's policies. more»
A survey of Internet users in 24 countries has found that 83% believe affordable access to the Internet should be a basic human right, according to the "CIGI-Ipsos Global Survey on Internet Security and Trust." The results of the new survey, commissioned by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, were presented today in Ottawa, Canada. more»
Akamai has issued a security bulletin about a new form of Domain Name Service-based distributed denial of service (DDoS) attacks that emerged in October, attacks that can significantly boost the volume of data flung at a targeted server. The method builds upon the well-worn DNS reflection attack method used frequently in past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target -- by stuffing it full of information from President Barack Obama's press office. more»
EFF, Mozilla, Cisco, Akamai, Identrust, and researchers at the University of Michigan today announced a new certificate authority (CA) initiative called "Let's Encrypt". more»
A first-time study of publically-reported data breaches in the 28 European Union member countries, plus Norway and Switzerland, conducted by the Central European University's Center for Media, Data and Society (CMDS) has found that between 2004 and 2014 the continent's organizations suffered 229 incidents covering 227 million personal records. more»
While in recent years, HTTPS has become integral part of protecting social, political, and economic activities online, widely reported security incidents -- such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed -- have exposed systemic security vulnerabilities of HTTPS to a global audience. more»
TCP Stealth, an IETF draft authored by Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn, describes an easily-deployed and stealthy port knocking variant. "TCP Stealth embeds the authorization token in the TCP ISN, and enables applications to add payload protections. As a result, TCP Stealth is hard to detect on the network as the traffic is indistinguishable from an ordinary 3-way TCP handshake, and man-in-the-middle attacks as well as replay attacks are mitigated by the payload protections. TCP Stealth works with IPv4 and IPv6."
more»
Google today revealed a new initiative, named Project Zero, with the objective to "significantly reduce the number of people harmed by targeted attacks." To carry out the project, Google is recruiting a team of experienced hackers - "practically-minded security researchers" - to contribute 100% of their time toward improving security across the Internet. more»
Various websites associated to the World Cup have been struck by a distributed denial of service (DDoS) attack ahead of the tournament's opening match on Thursday. The official government World Cup website has been down for more than a day, as well as the websites of some host states. more»
Popular RSS reader Feedly has been hit by major distributed denial of service (DDoS) attacks beginning 2:04am PST on Wednesday causing the service to be completely down for several hours two days in a row. (Second attack still undergoing as of the time of this post.) more»
In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more»
The African Union's Convention on the Establishment of a Credible Legal Framework for Cyber Security in Africa (AUCC) has been the focus of debate recently.To shed light on online security issues in Africa, CIO East Africa sought the views of Ms Sophia Bekele, an internet security expert and international policy advisor over internet and ICT. more»
Delegation from the European Standardization Organizations (ESOs) - CEN, CENELEC and ETSI - met with Neelie Kroes, the Vice-President of the European Commission responsible for the Digital Agenda, in Brussels yesterday (2 April 2014) discussing how to maximize the positive contribution that standards can make to enhancing internet security and protecting personal data, in order to support the successful implementation of the EU Cybersecurity Strategy. more»
