Internet security is the prevention of unauthorized access and/or damage to computer systems via internet access. Internet security practices are primarily focused in four major areas: penetration testing, intrusion detection, incidence response, and legal compliance. Read the full background at Security Wikipedia
In a blog post last week, Gary Warner, director of research in computer forensics at the University of Alabama's (UAB) computer and information sciences department, wrote that it is well past time for someone to declare a "Spam Crisis in China". The warning comes along with UAB's reports that most of the spam they receive has ties to China. "It is very normal that more than one-third of the domain names we see each day in spam messages come from China," Warner wrote. "When one also considers the many '.com' and '.ru' domain names which are also hosted in China, the problem is much worse. More than half of all spam either uses domain names registered in China, is sent from computers in China, or uses computer in China to host their web pages." more»
If you put 65 million people in a locked room, they’re going to find all the exits pretty quickly, and maybe make a few of their own. In the case of Iran’s crippled-but-still-connected Internet, that means finding a continuous supply of proxy servers that allow continued access to unfiltered international web content like Twitter, Gmail, and the BBC... more»
I'm interested in CircleID community's take on NeuStar's recent announcement of Cache Defender. While only effective for domains the company is authoritative for, that does cover a large number of big Internet brands and financial institutions. Why wouldn't an ISP deploy this now, while waiting for all the myriad issues involved in DNSSEC to be resolved? more»
Phishing, stealing personal information by impersonating a trusted organization, is a big problem that's not going away. Most antiphishing techniques to date have attempted to recognize fake e-mail and fake web sites, but this hasn't been particularly effective. A more promising approach is to brand the real mail and real web sites. more»
There's a pernicious meme floating around that DomainKeys Identified Mail (DKIM) doesn't work with discussion lists, particularly those hosted on common open source software packages like MailMan. It's particularly odd to see this claim after I set it up successfully on a stock Debian server in less than half an hour, just a few weeks ago. Here's how it can, should, and does work. more»
This is a follow-up to my previous post on Cybersecurity and the White House. It illustrates an actual cyberwarfare attack against Estonia in 2007 and how it can be a legitimate national security issue. Estonia is one of the most wired countries in eastern Europe. In spite of its status of being a former Soviet republic, it relies on the internet for a substantial portion of everyday life -- communications, financial transactions, news, shopping and restaurant reservations all use the Internet. Indeed, in 2000, the Estonian government declared Internet access a basic human right... more»
New research from the Anti-Phishing Working Group (APWG) has found that up to 81% of domain names used for phishing are legitimate domains that have been hacked. More specifically, out of the 30,454 phishing domains under observation, only 5,591 domain names (18.5%) were registered by phishers according to APWG. The remaining small percentage of the domains used in phishing belonged to subdomain resellers such as ISPs and other web-based services. more»
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more»
A few months ago, I made a post about IPv6 security. I've caught some flak for saying that IPv6 isn't a security issue. I still stand by this position. This is not to say that you should ignore security considerations when deploying IPv6. All I claim is that deploying IPv6 in and of itself does not make an organization any more or less secure. This point was made by Dr. Joe St. Sauver, of the University of Oregon... more»
According to Shanghai Daily, there has been an "organized Internet attack on Tuesday night which caused serious congestion in several provinces [in China] and left millions of users unable to gain access to the Internet." This is the first time the regulator has published news about an investigation into an online attack in China within 24 hours, says Shanghai Daily. ..."It was an attack on DNS (Domain Name System) and the carriers and related firms should do more back-up to avoid similar incidents," the ministry said in a statement. more»
News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack... more»
With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more»
With the recent attacks against high-profile New Zealand domain names including Coca-Cola.co.nz and F-Secure.co.nz, fingers are naturally pointing to Domainz, the registrar of record for these domains, as the party responsible for this lapse in security. While domain name registrars certainly need to ensure the security and stability of their systems, domain name registries must also step up and take responsibility for mitigating risks posed by hackers... more»
Four senators (Rockefeller, Bayh, Nelson, and Snowe) have recently introduced S.773, the Cybersecurity Act of 2009. While there are some good parts to the bill, many of the substantive provisions are poorly thought out at best. The bill attempts to solve non-problems, and to assume that research results can be commanded into being by virtue of an act of Congress. Beyond that, there are parts of the bill whose purpose is mysterious, or whose content bears no relation to its title. more»
A cybersecurity bill introduced in the U.S. Senate on April 1st, 2009 would give the United States federal government extraordinary power over private sector Internet services, applications and software. This proposed legislation is a direct result of a review ordered by the Obama administration into government policies and processes for defending against Internet-born attack. The focus of the bill, according to a summary released by the sponsoring senators, is on establishing a new partnership between the public and private sectors in a joint effort to bolster Internet security... more»
MarkMonitor, the global leader in enterprise brand protection, today released the company's latest Brandjacking Index that studies how fraudsters are abusing major financial brand names and topical subjects like refinancing or unemployment to lure unsuspecting consumers to questionable websites. ›››
This vulnerability, brought to public attention last year by security researcher Dan Kaminsky, allows criminal elements to engage in "DNS cache poisoning" for the malicious hijacking of domain names and results in consequent damage from large-scale identity theft, among other illegal activities. ›››
The Internet Corporation for Assigned Names and Numbers (ICANN) has recently released a number of important documents. This post includes brief synopses of these newly released documents. ›››
Today, .ORG, The Public Interest Registry, the company behind the .ORG domain name, is the first open generic Top-Level Domain to successfully sign the .ORG zone file with Domain Name Security Extensions (DNSSEC). To date, the .ORG zone is the largest domain registry to implement the security measure. ›››
The DNSSEC Industry Coalition Symposium is announced today in collaboration with Google, Nominum, Inc. and ICANN and will be held June 11-12, 2009, in Washington, DC. The purpose will be to discuss and identify potential and perceived issues with the Domain Name System (DNS) and DNSSEC deployment due to signing the DNS root zone. ›››
MarkMonitor today announced that SPIL GAMES, the world's ultimate online game destination, will be using MarkMonitor Domain Management to centrally manage SPIL GAMES' key domains. ›››
MarkMonitor, the global leader in enterprise brand protection, today announced Facebook has selected MarkMonitor AntiFraud Solutions to supplement its own in-house security efforts in protecting users against malware attacks. ›››
MarkMonitor announces AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. Service leverages the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands. ›››
DNSstuff.com has announced in partnership with Trusteer that it is offering Rapport, a tool that protects your transactions from being tampered with and private information from being stolen, through its website, dnsstuff.com.
Rapport is an easy-to-use browser plug-in that provides users with a secure connection to any online site they log into, protecting their most valuable online assets — login credentials. ›››
MarkMonitor has announced AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. MarkMonitor AntiFraud Solutions leverage the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands.
›››
Copyright © 2002-2009 CircleID.
Iomemo Inc.
All rights reserved unless where otherwise noted.
