Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / News Briefs

US Army Site Hacked as Obama Vows 'Aggressive' Response to Cyberattacks

The US Army was forced to close down its official website yesterday after it was defaced by the Syrian Electronic Army hacker group. The news came as US President Barack Obama promised Washington will become more 'aggressive' in defending itself against cyber-attacks. more»

IPv6 Adoption Brings New Security Risks

Although IPv6 DDoS attacks are not yet a common occurrence, there are indications that malicious actors have started testing and researching IPv6 based DDoS attack methods. more»

Placing New Domain Names in Temporary "Penalty Box" Could Deter Malicious Use, Says Paul Vixie

Paul Vixie proposes a 'cooling-off period' when domain names are registered in order to help detect and deter malicious activity. "There's no legitimate reason for a new domain name to be registered and go live in less than a minute... more»

Record Number of Malware Variants Detected in Q4 of 2014, Retail/Service Most Targeted

During the 4th quarter of 2014, a record number of malware variants were detected -- an average of 255,000 new threats each day, according a recent report by Anti-Phishing Working Group (APWG). The group further reports that the number of unique phishing reports submitted to APWG during Q4 was 197,252 -- an increase of 18 percent from the 163,333 received in Q3 of 2014. more»

Research Finds Mobile Malware Infections Overblown

Advanced threat detection company, Damballa has released findings of a new research on Wednesday, detailing the overblown nature of the mobile malware problem. According to the company, the research, based on Big Data (50% of US mobile traffic), was used to determine actual malware infection rates -- not just samples found, or vulnerabilities/theoretical attacks. more»

M3AAWG Releases Anti-Abuse Best Common Practices for Hosting and Cloud Service Providers

Jointly published by the Internet Infrastructure Coalition (i2C) and the Messaging, Malware and Mobile Anti-Abuse Working Group, the new document outlines proven activities that can help Web hosting services improve their operations and better protect end-users. more»

Internet Society Issues Statement on Developing Cyber Security Policy Initiatives

The Internet Society has released an announcement setting out its views on the development of policy to address the balance between security and privacy. From an Internet perspective and in the context of the growing threat vector from hacking, targeted cyber attacks on networks and individuals, and surveillance, the Internet Society's approach to the development of cyber security policy initiatives is based on the following key considerations. more»

UK Power Grid Under Minute-by-Minute Cyberattack

A senior government figure says that the UK's power grid is under "minute-by-minute" attacks from computer hackers but information security experts aren't so sure. Conservative MP James Arbuthnot chaired the Defence Select Committee up until last year and said that the National Grid is facing cyberattacks every minute. He plans to visit the National grid next month to discuss the issue. more»

Symantec Chosen as Verification Agent for .bank and .insurance TLDs

fTLD Registry Services, LLC has announced an agreement with Symantec Corporation to provide verification services for the ".bank" and ".insurance" generic top-level domains. According to the report, Symantec will be responsible for adding a layer of protection to the new domains by verifying the eligibility of companies requesting domain names, making sure the person requesting the domain name is authorized by the company and ensuring the name requested by the company complies with fTLD's policies. more»

A Survey of Internet Users from 24 Countries Finds 83% Consider Affordable Access Basic Human Right

A survey of Internet users in 24 countries has found that 83% believe affordable access to the Internet should be a basic human right, according to the "CIGI-Ipsos Global Survey on Internet Security and Trust." The results of the new survey, commissioned by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, were presented today in Ottawa, Canada. more»

DNS Based DDoS Attacks Using White House Press Releases

Akamai has issued a security bulletin about a new form of Domain Name Service-based distributed denial of service (DDoS) attacks that emerged in October, attacks that can significantly boost the volume of data flung at a targeted server. The method builds upon the well-worn DNS reflection attack method used frequently in past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target -- by stuffing it full of information from President Barack Obama's press office. more»

Group Announces Certificate Authority to Encrypt the Entire Web, Lunching in 2015

EFF, Mozilla, Cisco, Akamai, Identrust, and researchers at the University of Michigan today announced a new certificate authority (CA) initiative called "Let's Encrypt". more»

European Data Breaches Have Resulted in Loss of 645 Million Records Since 2004

A first-time study of publically-reported data breaches in the 28 European Union member countries, plus Norway and Switzerland, conducted by the Central European University's Center for Media, Data and Society (CMDS) has found that between 2004 and 2014 the continent's organizations suffered 229 incidents covering 227 million personal records.  more»

A Look at the Security Collapse in the HTTPS Market

While in recent years, HTTPS has become integral part of protecting social, political, and economic activities online, widely reported security incidents -- such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed -- have exposed systemic security vulnerabilities of HTTPS to a global audience. more»

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

TCP Stealth, an IETF draft authored by Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn, describes an easily-deployed and stealthy port knocking variant. "TCP Stealth embeds the authorization token in the TCP ISN, and enables applications to add payload protections. As a result, TCP Stealth is hard to detect on the network as the traffic is indistinguishable from an ordinary 3-way TCP handshake, and man-in-the-middle attacks as well as replay attacks are mitigated by the payload protections. TCP Stealth works with IPv4 and IPv6."
 more»