Security

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

One in Five Online Consumers Victims of Cybercrime Past Two Years, Estimated at $8B, Survey Says

According to the latest Consumer Reports National Research Center “State of the Net” survey, one in five online consumers have been victims of cybercrime in the last two years to the tune of an estimated $8 billion. The overall rate of the crime has remained consistent over the five years, says Consumer Reports. The report also notes that the problem stands to get worse as rising unemployment and foreclosures fuel a wave of recession-orientated Internet scams, and as the popularity of social networking services grows, creating more openings for identity thieves.

Hannaford Data Breach Plaintiffs Rebuffed in Maine

A US District Judge in Maine largely granted a motion to dismiss brought by Hannaford in a big data breach case... According to the court, around March 2008, third parties stole up to 4.2 million debit and credit card numbers, expiration dates, security codes, PIN numbers, and other information relating to cardholders "who had used debit cards and credit cards to transact purchases at supermarkets owned or operated by Hannaford."

U.S. General Reserves Right to Use Physical Force, Even Nuclear, in Response to Cyberattack

The top U.S. commander for strategic combat said last week that the White House retains the option to respond with physical force -- potentially even using nuclear weapons -- if a foreign entity conducts a disabling cyber attack against U.S. computer networks. While a nuclear response appears highly unlikely, it might be counted among a full range of options offered to the president following a major computer attack, suggested Gen. Kevin Chilton, who heads U.S. Strategic Command...

Securing a Cloud Infrastructure

George Reese (author of the new book Cloud Application Architectures: Building Applications and Infrastructure in the Cloud) is talking at Gluecon about securing cloud infrastructures. Two recent surveys found "security" was the number one concern of companies considering a move to the cloud. George says the key to making customers comfortable with cloud security is transparency...

Canadian Spam Law Update

As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies...

How to Steal Reputation

The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new...

Cyber Breaches Even Worse Than You Think

It may seem as if a new breach of some computer system or network is reported every couple of months; but actually, one security expert says it's worse than that. According to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, reports of about 17 significant security incidents were released in the last two years - which averages to one report every 6 weeks...

US Transportation Department: Air Traffic Control System Vulnerable to Cyberattack

The Federal Aviation Administration’s air traffic control system is vulnerable to cyberattacks via Web applications that support the system, according to a new report released by the Transportation Department’s Office of Inspector General (OIG). “In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, [air traffic control] systems encounter attacks that do serious harm to [air traffic control] operations,” wrote Rebecca Leng, DOT’s assistant inspector general for financial and information technology audits, in the report...

Cyber Security and the White House

A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position...

Pentagon Quietly Sharing Classified Cyber Threat Intelligence With Defense Contractors

Shane Harris reports in the National Journal that a new intelligence partnership, which has not been previously reported, called the Industrial Base initiative, or "the DIB," has been in the making since September 2007, in which contractors and the government could confidentially share information. From the report...

NYT: Atomic Bomb Changed Warfare 64 Years Ago, International Race Has Begun to Develop Cyberweapons

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group's computers and altered information that drove them into American gun sights. When President George W. Bush ordered new ways to slow Iran's progress toward a nuclear bomb last year, he approved a plan for an experimental covert program -- its results still unclear -- to bore into their computers and undermine the project...

Hackers Stole Info on $300B Fighter Jet Program, US Defense Secretary Responds on 60 Minutes

Defense Secretary Robert Gates said Tuesday that the United States is "under cyber-attack virtually all the time, every day" and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks. In an interview for an upcoming edition of 60 Minutes, CBS News anchor Katie Couric asked Gates about the nation's cyber security after hackers stole specifications from a $300 billion fighter jet development program as well as other sensitive information...

John Chambers: Cloud Computing "A Security Nightmare"

If anyone has the right to be excited about cloud computing, it's John Chambers. But on Wednesday Cisco Systems' Chairman and CEO conceded that the computing industry's move to sell pay-as-you-go computing cycles available as a service on the Internet was also "a security nightmare." Speaking during a keynote address at the annual security confab, Chambers said that cloud computing was inevitable, but that it would shake up the way that networks are secured...

Rustock, Xarvester Spambots Capable of Sending 25,000 Messages Per Hour, Says New Study

A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24-hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)...

Global DNS SSR Recap

This past February, around 100 DNS industry experts met in Atlanta, GA for "The Global DNS Security, Stability, & Resiliency Symposium." Organized by ICANN and hosted by Georgia Tech, this event was to strengthen personal relationships between operators and review what we know about the DNS infrastructure... The content included three breakout groups over two days: Enterprise Use of DNS, DNS in Resource Constrained Environments, and Combating Malicious Use of DNS...