Measuring DNS health, security

In early February, about fifty top DNS experts, engineers and practitioners assembled at an invitation-only symposium in Japan to talk about an esoteric but significant challenge to the future of the Internet: measuring the health of the domain name system (DNS). Determining the status of critical infrastructure of any kind can be difficult, but DNS is doubly so because it is a distributed infrastructure not run by one or even a handful of operators – there are thousands of “important” DNS operators.

Responding to network attacks

Though they’re not going away anytime soon — and every security geek in the IT department knows it — distributed denial-of-service (DDoS) attacks still cause great panic in most organizations hit by them. This being the case, it bears underscoring the importance of planning ahead so that you don’t get caught flatfooted when the next […]

Understanding business, Asian style

I gave a keynote speech at the 2009 annual conference of the Forum of Incident Response and Security Teams (FIRST) in Kyoto, Japan, that talked about my observations of Japanese business operations, highlighting the differences that become barriers to communication. This morning, I had the privilege of seeing a write-up of the talk in IT […]

Communication, culture and information security

Since my earliest days working in Silicon Valley, I have been involved in computer security incident response management. And so it was with great pleasure that I accepted a keynote speaking opportunity at the upcoming annual meeting of the Forum of Incident Response and Security Teams (FIRST) during 28 June-3 July 2009 in nearby Kyoto, […]

Electricity Industry looking for cyberthreats

The electric power utility industry is planning to start looking for cyberthreats against the power grid, and especially components that would wind up being the cornerstone of the Smart Grid project. According to the article, officials at the North American Electric Reliability Corporation (NERC) are planning to start a pilot investigation of cybersecurity risks to […]

The botnet peril

For as many times as we have heard that e-commerce is at risk due to the actions of sophisticated cyber-criminals, it is astounding how little has been done to protect against wholesale attacks against users and, more importantly, against the major retailers who are more and more dependent upon commercial trade over the Internet. It […]

AREVA bug puts power systems at risk

Critical power infrastructure is once again under threat of attack due to vulnerabilities discovered in a popular brand of SCADA equipment that is used to monitor and control power distribution. According to a string of CVE [1] notices cited in a February 2009 notice circulated by US-CERT, multiple vulnerabilities were found in the e-Terra Habitat […]

Secure web site certificate vulnerability

In December 2008, a group of computer security researchers attending a security conference in Berlin gave a practical demonstration of a serious security vulnerability related to the public key infrastructure (PKI) that allows for secure web browsing used for online banking, e-commerce and other sensitive transactions. In short, they were able to show the possibility […]

Millennials: the new workplace threat

Younger employees are taking their own technology and mobile devices into the workplace, confounding attempts to protect internal networks, reports Information Week.  The so-called Millennial generation, Under-28s who are increasingly connected to others using social networking software, are basing their choice of employer partly on how accommodating the company is to personal technology preferences, according […]

Underground digital economy spotlighted

In October 2008, the Symantec Corporation published its Report on the Underground Economy, which is the culmination of a year-long effort to observe and record the behaviors of bad actors in the cybercrime arena. By watching the activities of malicious botnets over a long period of time, Symantec’s researchers were able to identify likely interaction […]