Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / News Briefs

A Survey of Internet Users from 24 Countries Finds 83% Consider Affordable Access Basic Human Right

A survey of Internet users in 24 countries has found that 83% believe affordable access to the Internet should be a basic human right, according to the "CIGI-Ipsos Global Survey on Internet Security and Trust." The results of the new survey, commissioned by the Centre for International Governance Innovation (CIGI) and conducted by global research company Ipsos, were presented today in Ottawa, Canada. more»

DNS Based DDoS Attacks Using White House Press Releases

Akamai has issued a security bulletin about a new form of Domain Name Service-based distributed denial of service (DDoS) attacks that emerged in October, attacks that can significantly boost the volume of data flung at a targeted server. The method builds upon the well-worn DNS reflection attack method used frequently in past DDoS attacks, exploiting part of the DNS record returned by domain queries to increase the amount of data sent to the target -- by stuffing it full of information from President Barack Obama's press office. more»

Group Announces Certificate Authority to Encrypt the Entire Web, Lunching in 2015

EFF, Mozilla, Cisco, Akamai, Identrust, and researchers at the University of Michigan today announced a new certificate authority (CA) initiative called "Let's Encrypt". more»

European Data Breaches Have Resulted in Loss of 645 Million Records Since 2004

A first-time study of publically-reported data breaches in the 28 European Union member countries, plus Norway and Switzerland, conducted by the Central European University's Center for Media, Data and Society (CMDS) has found that between 2004 and 2014 the continent's organizations suffered 229 incidents covering 227 million personal records.  more»

A Look at the Security Collapse in the HTTPS Market

While in recent years, HTTPS has become integral part of protecting social, political, and economic activities online, widely reported security incidents -- such as DigiNotar's breach, Apple's #gotofail, and OpenSSL's Heartbleed -- have exposed systemic security vulnerabilities of HTTPS to a global audience. more»

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

TCP Stealth, an IETF draft authored by Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn, describes an easily-deployed and stealthy port knocking variant. "TCP Stealth embeds the authorization token in the TCP ISN, and enables applications to add payload protections. As a result, TCP Stealth is hard to detect on the network as the traffic is indistinguishable from an ordinary 3-way TCP handshake, and man-in-the-middle attacks as well as replay attacks are mitigated by the payload protections. TCP Stealth works with IPv4 and IPv6."
 more»

Google Announces Project Zero to Secure the Internet

Google today revealed a new initiative, named Project Zero, with the objective to "significantly reduce the number of people harmed by targeted attacks." To carry out the project, Google is recruiting a team of experienced hackers - "practically-minded security researchers" - to contribute 100% of their time toward improving security across the Internet. more»

DDoS Attacks Shutdown Several World Cup Websites

Various websites associated to the World Cup have been struck by a distributed denial of service (DDoS) attack ahead of the tournament's opening match on Thursday. The official government World Cup website has been down for more than a day, as well as the websites of some host states. more»

Popular RSS Reader Feedly Suffers Back to Back DDoS Attacks, Held for Ransom

Popular RSS reader Feedly has been hit by major distributed denial of service (DDoS) attacks beginning 2:04am PST on Wednesday causing the service to be completely down for several hours two days in a row. (Second attack still undergoing as of the time of this post.) more»

Paul Vixie on How the Openness of the Internet Is Poisoning Us

In a video interview conducted during the NSCS ONE conference, Paul Vixie CEO of Farsight Security further discusses the topic of his presentation titled: "Defective by Design -- How the Internet's Openness is Slowly Poisoning Us". more»

Sophia Bekele: The AUCC Debate on Cybersecurity Needs to Involve All Stakeholders

The African Union's Convention on the Establishment of a Credible Legal Framework for Cyber Security in Africa (AUCC) has been the focus of debate recently.To shed light on online security issues in Africa, CIO East Africa sought the views of Ms Sophia Bekele, an internet security expert and international policy advisor over internet and ICT. more»

European Standardization Organizations Discuss Role of Standards for EU Cybersecurity Strategy

Delegation from the European Standardization Organizations (ESOs) - CEN, CENELEC and ETSI - met with Neelie Kroes, the Vice-President of the European Commission responsible for the Digital Agenda, in Brussels yesterday (2 April 2014) discussing how to maximize the positive contribution that standards can make to enhancing internet security and protecting personal data, in order to support the successful implementation of the EU Cybersecurity Strategy. more»

US House Hearing Scheduled on Internet Stability, IANA Transition

The Subcommittee on Communications and Technology has scheduled a hearing for Wednesday, April 2, 2014 on "Ensuring the Security, Stability, Resilience, and Freedom of the Global Internet." more»

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

Experts and companies in the information security industry today announced the formation of the Secure Domain Foundation (SDF), a new, non-profit, community-driven organization devoted to the identification and prevention of Internet cyber crime utilizing the domain name system (DNS). more»

Widespread Compromised Routers Discovered With Altered DNS Configurations

A widespread compromise of consumer-grade small office/home office (SOHO) routers has been discovered by threat intelligence group Team Cymru. According to the report, "attackers are altering the DNS configuration on these devices in order to redirect victims DNS requests and subsequently replace the intended answers with IP addresses and domains controlled by the attackers, effectively conducting a Man-in-the-Middle attack." more»