Security

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

An Arms Race: The Struggle Between Security Firms and Cybercriminals

Any improvement in the way computers spot malicious software is matched by a change in tactics by the criminals that undermines that better protection. One particular tactic that has proved successful for the criminals is the pumping out of ever more copies and variants of their malware. The number of malware samples received by the security companies tells this story all by itself. more»

Domain Name Registries Scrambling to Patch Newly Discovered DNS Bug

Domain name registries are scrambling to patch a newly discovered bug in popular open source DNS software that could be exploited for denial-of-service attacks. The bug and a corresponding fix were announced Monday by NLnet Labs, a research group that provides authoritative domain name server software called NSD to domain name registrars. more»

Cybersecurity Groups Start New Initiative to Combat Malware

Three of the world's leading cybersecurity groups today launched a new initiative to combat malicious software (malware) by establishing a "Chain of Trust" among all organizations and individuals that play a role in securing the Internet. Developed by the Anti-Spyware Coalition (ASC), National Cyber Security Alliance (NCSA) and StopBadware.org, the Chain of Trust Initiative will link together security vendors, researchers, government agencies, Internet companies, network providers, advocacy and education groups in a systemic effort to stem the rising tide of malware. more»

Most Websites Harbor at Least One Major Vulnerability, Says Report

Most Websites harbor at least one major vulnerability, and over 80 percent of Websites have had a critical security flaw, according to new data released today by WhiteHat Security. The Website vulnerability statistics, based on Website vulnerability data gathered from WhiteHat's own enterprise clients, show that 63 percent of Websites have at least one high, critical, or urgent vulnerability issue, and there's an average of seven unfixed vulnerabilities in a Website today... more»

Google Blames DNS for Website Defacements in Uganda, Morocco and Kenya This Week

Domain Name System (DNS) insecurity caused the defacing of Google Web sites in Uganda and Morocco, according to a Google spokesperson. Earlier this week, both Google Uganda and Google Morocco were redirecting traffic to different sites... more»

US Military Shopping for Email Defense System to Scan 50 Million Inbound Messages a Day

The Defense Information Systems Agency asked technology companies on Wednesday for ideas on how to build an email defense system on the perimeter of its networks that can scan 50 million inbound messages a day to catch spam, viruses and cyberattacks. In a notice to industry, DISA said it needs to protect 700 unclassified network domains and that, while there are many individual e-mail domains administered by Defense Department units, "there is a possibility these may be combined into one enterprise DoD e-mail domain."... NSA Director Lt. Gen. Keith B. Alexander said 65-70% of the emails sent each day are spam. more»

Sharp Decline Found in Information Security Budgets Within Tech, Media and Telecom Industries

Companies in the technology, media and telecommunications industries (TMT) significantly reduced investment in security spending in 2008, according to a new survey from Deloitte Touche Tohmatsu. The third edition of the Deloitte TMT Global Security Survey reveals that 32% of respondents reduced their information security budgets, while 60% of respondents believe they are "falling behind" or still "catching up" to their security threats -- a significant increase from 49% over the previous year. more»

One in Five Online Consumers Victims of Cybercrime Past Two Years, Estimated at $8B, Survey Says

According to the latest Consumer Reports National Research Center “State of the Net” survey, one in five online consumers have been victims of cybercrime in the last two years, to the tune of an estimated $8 billion. The overall rate of the crime has remained consistent over the five years, says Consumer Reports. The report also notes that the problem stands to get worse as rising unemployment and foreclosures fuel a wave of recession-orientated Internet scams, and as the popularity of social networking services grows, creating more openings for identity thieves. more»

Hannaford Data Breach Plaintiffs Rebuffed in Maine

A US District Judge in Maine largely granted a motion to dismiss brought by Hannaford in a big data breach case... According to the court, around March 2008, third parties stole up to 4.2 million debit and credit card numbers, expiration dates, security codes, PIN numbers, and other information relating to cardholders "who had used debit cards and credit cards to transact purchases at supermarkets owned or operated by Hannaford." more»

U.S. General Reserves Right to Use Physical Force, Even Nuclear, in Response to Cyberattack

The top U.S. commander for strategic combat said last week that the White House retains the option to respond with physical force -- potentially even using nuclear weapons -- if a foreign entity conducts a disabling cyber attack against U.S. computer networks. While a nuclear response appears highly unlikely, it might be counted among a full range of options offered to the president following a major computer attack, suggested Gen. Kevin Chilton, who heads U.S. Strategic Command... more»

Securing a Cloud Infrastructure

George Reese (author of the new book Cloud Application Architectures: Building Applications and Infrastructure in the Cloud) is talking at Gluecon about securing cloud infrastructures. Two recent surveys found "security" was the number one concern of companies considering a move to the cloud. George says the key to making customers comfortable with cloud security is transparency... more»

Canadian Spam Law Update

As you may know, there are two laws currently being discussed in Canadian legislative assemblies: Senate Bill S-220, a private member’s bill with private right of action and criminal remedies; Parliamentary Bill C-27, tabled by the government, with private right of action, coordination between various enforcement agencies... more»

How to Steal Reputation

The term "reputation hijacking" continues to spread through the anti-spam community and the press. It's intended to describe when a spammer or other bad actor uses someone else's system -- usually one of the large webmail providers -- to send their spam. The idea is that in doing so, they're hijacking the reputation of the webmail provider's IPs instead of risking the reputation of IPs under their own control. But I really have to laugh (though mostly out of sadness) whenever this technique is described as something new... more»

Cyber Breaches Even Worse Than You Think

It may seem as if a new breach of some computer system or network is reported every couple of months; but actually, one security expert says it's worse than that. According to James Lewis, director of the technology and public policy program at the Center for Strategic and International Studies, reports of about 17 significant security incidents were released in the last two years - which averages to one report every 6 weeks... more»

US Transportation Department: Air Traffic Control System Vulnerable to Cyberattack

The Federal Aviation Administration’s air traffic control system is vulnerable to cyberattacks via Web applications that support the system, according to a new report released by the Transportation Department’s Office of Inspector General (OIG). “In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, [air traffic control] systems encounter attacks that do serious harm to [air traffic control] operations,” wrote Rebecca Leng, DOT’s assistant inspector general for financial and information technology audits, in the report... more»