Security

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Security / Recently Commented

US Transportation Department: Air Traffic Control System Vulnerable to Cyberattack

The Federal Aviation Administration’s air traffic control system is vulnerable to cyberattacks via Web applications that support the system, according to a new report released by the Transportation Department’s Office of Inspector General (OIG). “In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, [air traffic control] systems encounter attacks that do serious harm to [air traffic control] operations,” wrote Rebecca Leng, DOT’s assistant inspector general for financial and information technology audits, in the report... more»

Cyber Security and the White House

A few months ago, an article appeared on arstechnica.com asking the question "Should cybersecurity be managed from the White House?" During the recent presidential elections in the United States and the federal elections in Canada, the two major players in both parties had differing views that crossed borders. In the US, the McCain campaign tended to favor free market solutions to the problem of cybersecurity, and the Conservatives in Canada took a similar position... more»

Pentagon Quietly Sharing Classified Cyber Threat Intelligence With Defense Contractors

Shane Harris reports in the National Journal that a new intelligence partnership, which has not been previously reported, called the Industrial Base initiative, or "the DIB," has been in the making since September 2007, through which contractors and the government could confidentially share information. From the report... more»

NYT: Atomic Bomb Changed Warfare 64 Years Ago, International Race Has Begun to Develop Cyberweapons

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group's computers and altered information that drove them into American gun sights. When President George W. Bush ordered new ways to slow Iran's progress toward a nuclear bomb last year, he approved a plan for an experimental covert program -- its results still unclear -- to bore into their computers and undermine the project... more»

Hackers Stole Info on $300B Fighter Jet Program, US Defense Secretary Responds on 60 Minutes

Defense Secretary Robert Gates said Tuesday that the United States is "under cyber-attack virtually all the time, every day" and that the Defense Department plans to more than quadruple the number of cyber experts it employs to ward off such attacks. In an interview for an upcoming edition of 60 Minutes, CBS News anchor Katie Couric asked Gates about the nation's cyber security after hackers stole specifications from a $300 billion fighter jet development program as well as other sensitive information... more»

John Chambers: Cloud Computing "A Security Nightmare"

If anyone has the right to be excited about cloud computing, it's John Chambers. But on Wednesday Cisco Systems' Chairman and CEO conceded that the computing industry's move to sell pay-as-you-go computing cycles available as a service on the Internet was also "a security nightmare." Speaking during a keynote address at the annual security confab, Chambers said that cloud computing was inevitable, but that it would shake up the way that networks are secured... more»

Rustock, Xarvester Spambots Capable of Sending 25,000 Messages Per Hour, Says New Study

A recent study suggests Rustock and Xarvester malware provided the most efficient spambot code, enabling individual zombie computers to send 600,000 spam messages each over a 24-hour period. "Over the past few years, botnets have revolutionized the spam industry and pushed spam volumes to epidemic proportions despite the best efforts of law enforcement and the computer security industry. Our intention was to better understand the origins of spam, and the malware that drives it," said Phil Hay, senior threat analyst, TRACElabs (a research arm of security company Marshal8e6)... more»

Global DNS SSR Recap

This past February, around 100 DNS industry experts met in Atlanta, GA for "The Global DNS Security, Stability, & Resiliency Symposium." Organized by ICANN and hosted by Georgia Tech, this event was to strengthen personal relationships between operators and review what we know about the DNS infrastructure... The content included three breakout groups over two days: Enterprise Use of DNS, DNS in Resource Constrained Environments, and Combating Malicious Use of DNS... more»

Implications of California Telecom Attack Gone Un-Reported

In an article titled "A Cyber-Attack on an American City", Bruce Perens writes: "Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities..." more»

Unconfirmed Reports Suggest Top Brazilian Bank Hit With Cache-Poisoning Attack

One of Brazil's biggest banks has suffered an attack that redirected its customers to fraudulent websites that attempted to steal passwords and install malware, according to an unconfirmed report. According to this Google translation of an article penned in Portuguese, the redirection of Bradesco was the result of what's known as a cache poisoning attack on Brazilian internet service provider NET Virtua... more»

A Few More Thoughts on Email Authentication… errr… Trust

Mike Hammer's thoughtful article, A Few Thoughts on the Future of Email Authentication, should trigger thoughtfulness in the rest of us. Email abuse has been around a long time. Anti-abuse efforts have too. Yet global abuse traffic has grown into the 90+% range, with no hint of trending downward. The best we hear about current effectiveness is for last-hop filtering, if you have the money, staff and skills to apply to the problem... more»

US Defense Secretary to Announce Creation of New Military 'Cyber Command'

The Obama administration plans to create a new military command to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare, according to current and former officials familiar with the plans. The initiative will reshape the military's efforts to protect its networks from attacks by hackers, especially those from countries such as China and Russia. The new command will be unveiled within the next few weeks, Pentagon officials said... more»

Is It Time to Supplement Desktop Security Protections?

Internet users are acutely aware of their exposure on the Internet and clearly concerned about their safety. Increased downloads of scareware as Conficker made headlines in the mainstream media are only the latest evidence. Desktop software is often viewed as a one-stop shop for fighting Internet threats such as viruses, worms and other forms of malware and phishing. These solutions have served us well, but more protections are needed to address the dynamic and increasingly sophisticated web-based exploits being launched... more»

Malware Found on US Electrical Grid Installed by Chinese and Russian Spies, Say Reports

Siobhan Gorman reporting in the Wall Street Journal today: "Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war." more»

Why DNS Is Broken, Part 1: Trust

So this Internet thing, as we discussed in our last article, is broken. I promised to detail some of the specific things that are broken. Implicit trust is the Achilles heel of the Internet... All of the communication between the resolver and the DNS server is in plain text that can be easily seen and changed while in transit; further, the resolver completely trusts the answer that was returned... more»