Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

Searching for Truth in DKIM: Part 5 of 5

Throughout this series of articles we've been talking about DKIM, and what a valid DKIM signature actually means. .. What this means for senders (of any type) is that with DKIM, you’re protected. On the internet, your domain name is a statement of your brand identity – so by signing messages with DKIM, you can finally, irrevocably tie those messages to your brand. more»

Popular Mechanics on Vulnerability of US Infrastructure to a Major Cyberattack

The next world war might not start with a bang, but with a blackout. An enemy could send a few lines of code to control computers at key power plants, causing equipment to overheat and melt down, plunging sectors of the U.S. and Canadian grid into darkness. Trains could roll to a stop on their tracks, while airport landing lights wink out and the few traffic lights that remain active blink at random. In the silence and darkness, citizens may panic, or they may just sit tight and wait for it all to reboot. Either way, much of the country would be blind and unresponsive to outside events. And that might be the enemy's objective: Divert America's attention while mounting an offensive against another country... more»

DNS Insecurity

The Internet as we know it and use it today -- is broken, badly broken. Yes broken so much so that we are really crazy to have any expectations of privacy or security. Yes, really. The Internet was conceived as somewhat of a utopian environment, one where we all keep our doors, windows and cars unlocked and we trust all the people and machines out there to "do the right thing...". more»

Will ENUM Deliver?

ENUM (E.164 NUmber Mapping) is a technology that has been around for a little while that has promised much and, so far, delivered little to the average user. As Nominet has recently been awarded the contract to administer the UK 4.4.e164.arpa delegation, I thought it was time that I put my thoughts on this subject down in writing. I'm going to cover the potential of ENUM in the telecoms industry and what it could mean to you, along with how it is currently being used and what potential security issues surround ENUM. more»

Searching for Truth in DKIM: Part 4 of 5

Once you've determined that you can trust the signer of a message, as we discussed in part 3, it's easy to extrapolate that various portions of the message are equally trustworthy. For example, when there's a valid DKIM signature, we might assume that the From: header isn't spoofed. But in reality, DKIM only tells us two basic things... more»

Designing Secure Networks with Cisco Technology, Part 4

In this multipart series I will be presenting some of the leading industry-standard best practices for enterprise network security using Cisco technologies... In Part 3 of this series I began to discuss Cisco technologies as a standard for enterprise data security. In this article we take a look at how Cisco firewall and packet filtering technologies can be used at the network perimeter to enhance enterprise security. more»

Worming Our Way Out of Trouble

The Conficker worm will be active again on April 1st, according to an analysis of its most recent variant, Conficker.C, by the net security firm CA. This malicious piece of software, also known as Downup, Downadup and Kido, spreads among computers running most variants of the Windows operating system and turns them into nodes on a multi-million member ‘botnet’ of zombie computers that can be controlled remotely by the worm’s as yet unidentified authors. more»

The DNSSEC Industry Coalition Meets to "Make It So"

The DNSSEC Industry Coalition conducted its first face to face meeting on Friday, March 13, 2009 at Google's Washington, DC office. Google's fun filled meeting room was packed with organizations that share a keen interest in DNS Security through the implementation of DNSSEC. more»

StopBadware.org and Consumer Reports Launch BadwareBusters.org

StopBadware.org and Consumer Reports WebWatch have announced today the full launch of BadwareBusters.org, a new online community for people looking for help preventing and countering viruses, spyware, and other "badware" on their computers and websites. Maxim Weinstein, manager of StopBadware.org at Harvard University's Berkman Center for Internet & Society, says the site is not only a useful destination, but also a piece of a bigger puzzle. "BadwareBusters.org is part of StopBadware's strategy to bring together the people, the organizations, and the data that allow us to fight back against the spread of badware," Weinstein said. "The collective wisdom of the BadwareBusters community will inform not only individuals, but the entire technology industry." more»

Searching for Truth in DKIM: Part 3 of 5

Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication [PDF], which explains that authentication (DKIM) is "[a] safe means of identifying a participant-such as an author or an operator of an email service" while reputation is a "means of assessing their trustworthiness."

 more»

U.S. Cyber Security: Blurred Vision

It has been beaten, butted, and batted around quite a bit in the past few weeks -- let's look at a rough timeline of political issues which bring me to this point. Let's look at the power struggle (I prefer to call it confusion) in the U.S. Government with regards to "Cyber Security" -- in a nutshell. In the latter part of 2008, the U.S. House of Representatives Homeland Security Committee determined that DHS was not capable of providing proper critical infrastructure protection (and other Cyber protection capabilities) due to a number of issues. This may well be a political maneuver, or it may well actually have merit. more»

Recursive DNS and You

In the world of DNS, there are two types of DNS servers, 'recursion disabled' and 'recursion enabled'. Recursion disabled servers, when asked to resolve a name, will only answer for names that they are authoritative for. It will absolutely refuse to look up a name it does not have authority over and is ideal for when you don't want it to serve just any query. It isn't, however, very useful for domains you don't know about or have authority over... more»

Defense Science Board: Cyber Security the Achilles' Heel of US Military Might

Robert O'Harrow of the Washington Post reporting: "Everybody knows by now that cyber security is something of an annoyance, if not a big deal... What most of us fail to appreciate is how big a deal all this really is. That's one of the subtexts of a new report from congressional researchers [PDF] that came Government Inc.'s way. Going by the dry title 'Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations,' the report underscores in a compelling way the fact that the nation's cyber vulnerabilities continue to grow, and fast." more»

Cybercrime Outsourcing to Become a Key Trend in 2009

Speaking at the Vasco Banking Summit in Sydney yesterday, the company's technical account manager, Vlado Vajdic, told delegates that cyber crime was becoming so business-like that online offerings of malicious code often included support and maintenance services. Additionally, he said, cybercrime outsourcing would become a key trend in 2009... more»

The Real Pain Caused by Russian Cyberattacks on Georgia and Estonia

The popular concept of the cyber-attacks launched by Russia against Estonia and Georgia in recent years is that an army of volunteer hackers bombarded government computers in those target countries with disabling botnet attacks. But the reality is that most of the cyber-pain suffered by Estonia, for example, was caused when the U.S. and European banking system chose intentionally to cut off Estonia from the Internet-based financial clearing networks, because the networks couldn't distinguish bona fide transactions emanating from Estonia from botnet-induced bogus transactions. more»