Cybersecurity

Noteworthy

IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

Why ".brands" Domains Make Sense

I receive spam on a daily basis from various Banks... as well as mine. None are legitimate but actually, that is not what is catching my attention receiving spam. There is something else and it deals with stealing information from me. Creating a personalized ".brand" domain name extension allows avoiding all that. Many are familiar with receiving spam through phishing attempts to have you answering an email and providing personal information such as login and passwords... more

CircleID's Top 10 Posts of 2018

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2018 participants for sharing their thoughts and making a difference in the industry. more

Are We Ready to Defend Our Freedom? Book Review: "The Age of Surveillance Capitalism"

It is not often that you read a book where afterward nothing seems the same again. Like Adam Smith's The Wealth of Nations, Shoshana Zuboff's book: The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power, puts what we do in these times into a context and gives a focus to ongoing issues of privacy and governance with regard to the Domain Name System. This is even more astonishing as the book does not even mention the DNS, the Internet ecosystem or even Internet Governance directly. more

IoT in Africa: Urgent Regulation Required

Globally, people are connecting more and more "things" to the Internet. Devices that were traditionally offline or dumb like refrigerators, cars, watches, home cameras, air conditioners, door locks, agriculture monitoring devices, etcetera, are now being connected to the Internet. This is referred to as the "Internet of Things" (IoT). Using sensors, IoT devices collect data of some sort, which is then most likely shared over a network connection to a service provider, where some analysis is performed on the data. more

Internet Economics

One year ago, in late 2017, much of the policy debate in the telecommunications sector was raised to a fever pitch over the vexed on-again off-again question of Net Neutrality in the United States. It seemed as if the process of determination of national communications policy had become a spectator sport, replete with commentators who lauded our champions and demonized their opponents. more

Quo Vadis ICANN?

The short history of Internet Governance is full of errors, failures, and - mainly - omissions. Despite the shortcomings, we also must acknowledge the achievements of past and present internet governance efforts. In particular, ICANN and its stakeholder constituencies have delivered on the mandate of a stable, secure and resilient Internet. Working with the IANA, IAB and IETF, the operational functions of IP addresses, and the Protocol Assignment and DNS must be seen as an unqualified success. more

5G Security Transparency

There is considerable rhetoric propagated today about 5G security. Some of the more blatant assertions border on xenophobia with vague assertions that the 5G vendors from some countries cannot be trusted and wholesale government banning is required. Existing treaty obligations are being summarily abrogated in favour of bilateral trade bullying. These are practices that the late President George H.W. Bush sought to eliminate a quarter century ago through intergovernmental organization initiatives... more

Has President Macron Thrown Multistakeholderism Under the Bus at UN IGF 2018 Paris?

Today, President Macron threw down the gauntlet to President Trump and the US administration on Multistakeholderism. In his welcome address to IGF 2018 Paris a few hours ago, President Macron challenged IGF to become more relevant by reinventing itself in factoring in multilateralism into IGF's non-decision-making body and to move beyond the mere talk-shop lip service it has been for the last 13 years. more

IGF 13 & Paris Peace Forum: Europe Should Take Lead in Shaping a "New Deal" on Internet Governance

The development of the Internet has arrived at a new crossroads. The growing Internet Governance complexity is leading also to a higher level of confusion on how the digital future should be shaped. The French president Emmanuel Macron and UN Secretary General Antonio Guterres will open both the Paris Peace Forum and the 13th IGF where Internet Governance is a key issue. Is the time ripe for a "New Deal" on Internet Governance? And which stakeholder should bear the primary responsibility for the normative framing of the key challenges internet governance is facing? more

Cyber Security Word Salad

Two months ago, the Trump White House published its National Cyber Strategy. It was followed a few days ago with the release of its draft NSTAC Cybersecurity "moonshot." The Strategy document was basically a highly nationalistic America-First exhortation that ironically bore a resemblance to China's more global two-year-old National Cybersecurity Strategy. more

BGP Hijacks: Two More Papers Consider the Problem

The security of the global Default Free Zone (DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again - it is worth looking at what these two papers add to the mix of what is known, and what solutions might be available. The first of these traces the impact of Chinese "state actor" effects on BGP routing in recent years. more

Securing the Routing System at NANOG 74

The level of interest in the general topic of routing security seems to come in waves in our community. At times it seems like the interest from network operators, researchers, security folk and vendors climbs to an intense level, while at other times the topic appears to be moribund. If the attention on this topic at NANOG 74 is anything to go by we seem to be experiencing a local peak. more

KSK Rollover, Elliptical Curve Vulnerabilities, Surveillance and Privacy. Are We Building Trust?

ICANN just recently performed a Root Zone DNS Security Extensions (DNSSEC) Key Signing Key (KSK) Rollover. The recent KSK Rollover took place on the 11th October 2018. The KSK Rollover has been successful and congratulations are in order. The Root Zone DNSSEC Key Signing Key "KSK" is the topmost cryptographic key in the DNSSEC hierarchy. The KSK is a cryptographic public-private key pair. more

Pen Testing the US Cyber Strategy

If it's not an era of intense faith in the multilateral system, somewhere among the Trump Administration's anonymous adults in the room there is a believer, and the Internet might be the better for it. Evidence for the existence of this fifth columnist lies in the US National Cyber Strategy, launched last month under the commander-in-chief's unprepossessing signature, which looks to provide security for America's connected economy. more

The Diet Pill Security Model

The information security industry, lacking social inhibitions, generally rolls its eyes at anything remotely hinting to be a "silver bullet" for security. Despite that obvious hint, marketing teams remain undeterred at labeling their company's upcoming widget as the savior to the next security threat (or the last one -- depending on what's in the news today). I've joked in the past that the very concept of a silver bullet is patently wrong... more

News Briefs

A Data Dump Exposes 773 Million Unique Email Addresses, 22 Million Passwords

Global DNS Record Manipulation, Hijacking Campaign at Massive Scale Linked to Iran

Dozens of U.S. Government Websites Rendered Either Insecure or Inaccessible Amid Government Shutdown

UK Government Releases New Cyber Security Standard for Self-Driving Vehicles

McAfee Labs 2018 Report Reveals 480 New Threats Per Minute, Sharp Increase in IoT-Focused Malware

Latest Wave of Organized Phishing Attacks Beat Two-Factor Authentication

US Tech Firm Cloudflare Accused of Providing Cybersecurity Services to Foreign Terrorist Groups

Chinese Hackers Have Infiltrated US Navy Contractors to Steal Range of Data Including Missile Plans

Criminals Using New Phishing Techniques to Hide from Victims and Investigators, Reports APWG

Hackers Behind Marriott Breach Left Clues Suggesting Link to Chinese Government

Strange Email Used to Inform Marriott Customers About the Massive Data Breach

Paris Cyber Agreement Has Grown to More Than 450 Signatories

Kaspersky Loses Appeal Against US Government Ban of Its Security Software

NTIA Releases Cybersecurity Road Map for "Building a More Resilient Internet"

Half of Phishing Sites in the Wild Have SSL Certificates and Show Padlock Security Icon, Study Finds

Japan's Cybersecurity Minister Admits He Does Not Use Computers and Not Familiar With Cybersecurity

US, Russia and China Stay Out of Paris International Cybersecurity Pact

Schneier: Lasting IoT Security Will Only Happen if Governments Start Introducing Stiff Penalties

US Copyright Office Expands Security Researchers' Ability to Hack Without Going to Jail

Yahoo Agrees to Pay $50M and Other Costs for the Massive Security Breach Disclosed in 2016

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

ICANN Complaint System Easily Gamed

Verisign Updates – Sponsor

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Verisign just released its Q2 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of customers of Verisign DDoS Protection Services. more

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Currently scheduled for October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) plans to change the cryptographic key that helps to secure the internet's Domain Name System (DNS) by performing a Root Zone Domain Name System Security Extensions (DNSSEC) key signing key (KSK) rollover. more

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

Verisign has released its Q1 2018 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services, and security research conducted by Verisign Security Services. more

DNS-Based Threats: Cache Poisoning

As DNS attacks grow in frequency and impact, organizations can no longer afford to overlook DNS security as part of their overall defense-in-depth strategy. As with IT security in general, no single tactic can address the entire DNS threat landscape or secure the complete DNS ecosystem. more

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

Verisign has released its Q4 2017 DDoS Trends Report, which represents a unique view into the attack trends unfolding online, through observations and insights derived from distributed denial of service (DDoS) attack mitigations enacted on behalf of Verisign DDoS Protection Services and security research conducted by Verisign Security Services. more

DNS-Based Threats: DNS Reflection and Amplification Attacks

Cybercriminals recognize the value of DNS availability and look for ways to compromise DNS uptime and the DNS servers that support it. As such, DNS becomes an important point of security enforcement and a potential point in the Cyber Kill Chain for many cyber-attacks. more

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Verisign has qualified for the Online Trust Alliance's (OTA) 2017 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. This is the fifth consecutive year that Verisign has received this honor. more

Industry Updates

Afilias Joins Global Commission on the Stability of Cyberspace

i2Coalition Releases Statement On Australian Encryption Law Passing

Neustar to Acquire Verisign's Security Services Customer Contracts

Q2 2018 DDoS Trends Report: 52 Percent of Attacks Employed Multiple Attack Types

Operational Update Regarding the KSK Rollover for Administrators of Recursive Name Servers

Q1 2018 DDoS Trends Report: 58 Percent of Attacks Employed Multiple Attack Types

DNS-Based Threats: Cache Poisoning

KSK Rollover Webinar to Be Held with ECO and ICANN Tuesday, April 24th

Q4 2017 DDoS Trends Report: Financial Sector Experienced 40 Percent of Attacks

DNS-Based Threats: DNS Reflection and Amplification Attacks

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Percent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate
