Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

Death of the PKI Dragons?

The recent attack on the Comodo Certification Authority has shown not only how vulnerable the current public key infrastructure is, but also that the protocols (e.g., OCSP) used to mitigate these vulnerabilities once exploited are not in use, not implemented correctly, or not implemented at all. Is this the beginning of the death of the PKI dragons, and what alternatives do we have?

2nd Annual RIPE NCC - LEA meeting: Cooperation Unfolds

On Wednesday 16 March the Serious Organised Crime Agency organised a meeting in London with the RIPE NCC. For the second time, law enforcers from around the world met with the RIPE NCC and RIPE community representatives to discuss cooperation. RIPE NCC staged several very interesting presentations that showed the LEAs the importance of the work done within RIPE and ARIN, the information RIPE NCC has and the relevance of all this to LEAs. Issues that could potentially harm future investigations were also addressed.

Microsoft, Federal Agencies Take Down Rustock Botnet

Neil Schwartzman writes: "There is a lot of press on the profound effect of the take-down of the Rustock botnet, effected by Microsoft, some U.S. federal agencies, and countless others working in the background to assist in the effort. CAUCE has aggregated a few of the best stories and data-points. A community congratulations, and thank-you to all those involved!"

COICA and Secure DNS

As a strong proponent of the private right of action for all Internet endpoints and users, I've long been aware of the costs in complexity and chaos of any kind of "blocking" that deliberately keeps something from working. I saw this as a founder at MAPS back in 1997 or so when we created the first RBL to put some distributed controls in place to prevent the transmission of unwanted e-mail from low reputation Internet addresses. What we saw was that in addition to the expected costs (to spammers) and benefits (to victims) of this new technology there were unintended costs to system and network operators whose diagnostic and repair work for problems related to e-mail delivery was made more complex because of the new consideration for every trouble ticket: "was this e-mail message blocked or on purpose?"

DNSSEC - Let's Stay the Course!

I don't know about you, but I'm starting to think that DNSSEC being so hot these days is a mixed blessing. Yes, it's wonderful that after so many years there is finally broad consensus for making DNSSEC happen. But being so prominent also means the protocol is taking shots from those who don't want to make the necessary software, hardware and operational modifications needed. And DNSSEC has taken some shots from those who just want to be contrarian.

KnujOn Releases New Security, Abuse and Compliance Report

We have just issued a new report detailing abuse of the Domain Name System and Registrar contract compliance issues. The report specifically discusses several items including: Registrars with current legal issues; Illicit Use of Privacy-Proxy WHOIS Registration; A study on the contracted obligation for Bulk WHOIS Access; and more.

Proxy-Privacy User Higher for Illicit Domains

WHOIS issues are looming large for the ICANN meeting next week, starting with an all-day WHOIS Policy Review on Sunday (background). WHOIS is a subject that has been the recent topic of a number of issues including a debacle over potentially disclosing the identities of compliance reporters to spammers and criminal domainers.

No Internet Traffic Detected Entering or Leaving Libyan Net Space

As fighting inside the country intensifies, Libya's links to the net appear to have been completely severed. Net monitoring and security firms are reporting that no net traffic is entering or leaving Libyan net space. Renesys said the outage was more than just a "blip" as many sites have been unreachable for more than 12 hours.

Malware Decrease in February, Trojans Continue to Be Most Prolific

Only 39 percent of computers scanned in February were infected with malware, compared to 50 percent last month, according to recent data gathered by Panda Security. Trojans were found to be the most prolific malware threat, responsible for 61 percent of all cases, followed by traditional viruses and worms which caused 11.59 percent and 9 percent of cases worldwide, respectively.

Conflict Over Efforts to Develop a Best-Practices Document for Blacklist Operators

Neil Schwartzman writes to report: "Ken Magill covers the current rake fight on the IRTF's Anti-Spam Research Group mailing list concerning anti-spam DNS Blacklist, or Blocklist, (DNSBL) operators charging for delistings, that is well worth a read, he has quotes from many experts and leaders in the industry who are decidedly against the practice."

Comcast’s Impressive System for Notifying Infected Users

Pretty much as long as there've been computers, one of the biggest challenges has been user education. How do you create software smart enough to inform a user when they're about to do something potentially disastrous - or, worse, when something disastrous has been done to them? As one of the world's largest access providers, Comcast has put a ton of thought into developing a notification system for their users. The solution Comcast developed involves, in effect, hijacking HTTP requests...

US Bill to Prohibit So Called Internet "Kill Switch"

Grant Gross reporting from IDG News: "Three U.S. senators criticized for past legislation that would allow the president to potentially quarantine or shut down parts of the Internet during a major cyberattack have introduced a new bill that would put limits on that authority. The Cybersecurity and Internet Freedom Act, introduced late Thursday, would explicitly deny the president or other U.S. officials 'authority to shut down the Internet.'"

Collecting Cybercrime Data: Can Signal Spam Be a Piece of the Puzzle?

The gathering of coherent data on cybercrime is a problem most countries haven't found a solution for. So far. In 2011 it is a well known fact that spam, cybercrime and botnets are all interrelated. The French database Signal Spam may be a significant part of the solution to gather, analyse and distribute data on spam, phishing, cybercrimes and botnets, but also be a forum in which commercial mass e-mail senders and ISPs can work on trust.

Homeland Security Department Seeks Boost in Cybersecurity Funding, $936 Million for Fiscal 2012

Aliya Sternstein reporting in Nextgov: "The Homeland Security Department has requested an unprecedented $936 million in funding for fiscal 2012 to grow the federal cybersecurity workforce and enhance network protections. President Obama's budget would grant DHS, which last year assumed responsibility for governmentwide cyber operations, a $100 million increase over funding enacted the last time Congress passed full-year appropriations in 2010."

DDoS Attack Size Breaks 100 Gbps for First Time, Up 1000% Since 2005

"2010 should be viewed as the year distributed denial of service (DDoS) attacks became mainstream as many high profile attacks were launched against popular Internet services and other well known targets," reports Arbor Networks in its just released Sixth Annual Worldwide Infrastructure Security Report. According to the report, the year also witnessed a sharp escalation in the scale and frequency of DDoS attack activity on the Internet. The 100 Gbps attack barrier was reached for the first time while application layer attacks hit an all-time high. Service providers experienced a marked impact on operational expense, revenue loss and customer churn as a result. more»