Showing posts with label Security. Show all posts
19 December 2016
Cybersecurity: Understanding DNS Attacks
source: Understanding the DNS Attacks: Convenience v Security | K2 Intelligence - Investigations · Compliance Solutions · Cyber Defense - JDSupra
#Cybersecurity #Cyberattack #Security #DNS
24 October 2016
04 March 2016
11 January 2016
What China's Anti-Terrorism Law Means For ISPs and Domain Names
The State Council of China has published the Anti-Terrorism Law of the People's Republic of China to combat the threat of terrorism. Service providers in various industries (including telecommunication and Internet service providers, or ISPs) must comply. For example, they must verify the true identity of users/customers before providing any services to them; provide assistance and technological support (including technological interface and decryption) to the public security bureaus and national security authorities for the purpose of preventing and investigating terrorist activities; and take security measures and adopt monitoring mechanisms to identify terrorism and extremism information. Presumably these provisions may also apply to domain name registry operators and registrars.
Source: China’s Anti-Terrorism Law – what it means for telecommunications and Internet service providers | DLA Piper - JDSupra:
31 December 2015
IoT, Internet of Things, Inevitable Collision with Product Liability
IoT, Internet of Things, Inevitable Collision with Product Liability, security, Industrial Internet Consortium, cybersecurity,
source: The Internet of Things and the Inevitable Collision with Product Liability PART 5: Security and the Industrial Internet Consortium | Wilson Elser - JDSupra
14 December 2015
IRS Taxpayer Campaign to Protect Personal Information
Re: IRS, Taxpayer, Protect, Personal Information, Data, Cybersecurity, Security.
Source: IRS Begins Campaign to Encourage Taxpayers to Protect Personal Information | McGuireWoods LLP - JDSupra
10 December 2015
Cyber-Insurance Does Not Ensure Protection From Data Breach
... a recent lawsuit filed in California underscores that while obtaining cyber-insurance may be prudent, it cannot replace conducting a thorough risk assessment and adopting best practices when it comes to information security management. Failure to implement critical information security policies may render a cyber-insurance policy invalid...
cybersecurity, insurance, data, breach, cyberattack, security,
Source: Cyber-Insurance Does Not Ensure Protection From Data Breach | Wiggin and Dana LLP - JDSupra
19 October 2015
02 September 2015
US Ambassador at 7th Annual Summit on Cyber and Network Security
U.S. Ambassador Richard R. Verma’s Remarks at ASSOCHAM’s 7th Annual Summit on Cyber and Network Security - Ashok Hotel, New Delhi | August 26, 2015 (As Prepared for Delivery):
Good morning and thanks for the generous introduction. I’m delighted to be here and thank ASSOCHAM for the chance to speak to you on this important topic. Of course, the Internet today is part of just about everything we do. This digital age has opened countless windows of opportunity, to the great benefit of the U.S. and India. Both our societies and our economies have been enriched by the many advantages of greater connectivity; and I know this first hand, since I continue to marvel at how instantly connected I have felt to Indians of all ages since I have started my Twitter account. In fact just two weeks ago I visited Twitter’s India headquarters and took part in an online chat with a number of tech savvy Indians.
When we talk about digital technology, it is natural to think about potential risks, but it is the possibilities that should motivate us. From the campuses of Silicon Valley to the tech parks of Bangalore, our countries have emerged as leaders in the field of IT development. The Indian diaspora has played a particularly large role. Just two weeks ago Sundar Pichai, a native of Chennai, was named CEO of Google, one of America’s tech giants. He is one of countless similar examples. Indeed, when Prime Minister Modi visits California next month, he will be welcomed by a vibrant Indian-American community which, over the last two decades, has helped to transform the high-technology sector.
Similarly, here in India, technology has been integral in powering economic growth, whether it be through e-commerce, IT services, or product development. The Prime Minister’s “Digital India” initiative highlights India’s commitment to enhancing digital capacity, across a variety of sectors, bridging the divide between urban and rural communities. Secretary John Kerry also recently launched a new initiative to increase internet connectivity, in partnership with government, development banks, engineers, and industry leaders. I applaud these efforts, as broadening the reach of the Internet is a powerful way to promote global development. Every time a country increases its internet penetration by ten percent, its total economic growth can expand by up to two percent.
The Internet is part of the critical infrastructure that we have come to depend on. We use it in so many ways – as a communication tool, a marketplace, a forum for expressing new ideas. Digital technology promotes transparency and helps to hold governments accountable. It is a means to fight against repression, and protect human dignity. Yet we must ensure that cybersecurity tools are not inappropriately used to undermine these important benefits.
But, as transformative as the Internet is, there are risks. And the more reliant we become on the Internet, the greater those risks become. This means we need sound policies to protect this essential resource, as it is vital to advancing human progress in the 21st century. Therefore, promoting an open, secure, and reliable Internet is a key component of our economic policy.
Protecting the Internet cannot be the task of just one country, however, and requires cooperation between government, industry, academia, and every user. It is a shared resource, and thus its stewardship is a shared responsibility. The Internet has flourished because of the bottom-up, consensus-based process that allows multiple stakeholders to participate in its governance. Likewise, all stakeholders have a critical role in cybersecurity and cybercrime as well. The multistakeholder approach reaches beyond government and includes the private sector, civil society, academic institutions, and all internet users. Multistakeholder Internet governance has served us well thus far, and it is critical to broaden this approach to other areas of cyber policy because all institutions and users share a responsibility to keep the internet operating in a safe, secure, and reliable manner.
To that end, India’s recent decision to support the multistakeholder approach to internet governance is not only a win for India’s people, but an example of India’s ever-expanding role as a democratic world leader. We look forward to working closely with India and other partners to preserve the multistakeholder model, wherever it is challenged.
Of course, there are other, serious threats to the internet. As recent headlines have shown, cyber-attacks are a real and persistent concern. Internet misconduct has resulted in billions of dollars in economic damage. Criminal networks misuse the Internet to steal information and profit at the expense of private citizens, businesses, and governments. Extremist groups see it as a means to disseminate violent extremist propaganda and mislead youth into joining their causes. It is in our shared interest to seek collaborative solutions to these challenges.
We believe that the best defense is to promote what we call “international cyber stability.” This means we are seeking broad consensus on what constitutes responsible behavior in cyberspace. Our goal is to create a climate in which people everywhere are able to enjoy the benefits of the digital world. There is general consensus that the basic rules of international law apply in cyberspace, but there are a number of additional principles that should underpin countries’ behavior in cyberspace.
First, we posit that no country should support or conduct online activity that intentionally damages or impedes another country’s use.
Second, no country should seek to prevent emergency teams from responding to a security breach, or allow its own teams to cause harm.
Third, no country should engage in cyber-enabled theft of intellectual property, trade secrets, or other confidential information for commercial gain.
Fourth, every country should confront malicious cyber activity emanating from its soil. This includes the activities of extremist groups who seek to engage in criminal and terrorist behavior.
And finally, every country should do what it can to help states that are the victims of a cyber-attack.
Agreeing to and abiding by these principles would move us a long way towards ensuring a more secure cyberspace. In order to get there, however, we must work to improve our own and our partners’ capacity to protect against cyber threats. This includes a preventative component – through strong legal frameworks and improved training. It also means enhancing our capability to respond to threats, by improving the resiliency of our networks, and strengthening the relationships between our law enforcement communities.
Perhaps the greatest protection against such threats is the regular and substantive sharing of information on cyber threats, and stronger coordination in response to cyber-attacks and cybercrime. This is an area in which the United States and India continue to partner. We recently provided information on a high-profile hacking group operating from India, enabling our two countries to take concerted action against its threat. We are also engaged in efforts to improve the process through which other countries can obtain bank records and other forms of electronic evidence from the United States, for use in legal proceedings against illicit actors.
We should continue to build information-sharing mechanisms through law enforcement and intelligence channels, as well as within our private sector, as the bulk of our networks lie outside of public and government control. We must also continue to work through differences in our legal systems that can sometimes slow the sharing of information used during criminal investigations. Given the risks involved, these are worthwhile efforts.
Just two weeks ago, our governments participated in the U.S.-India Cyber dialogue. The United States and India held open and constructive conversations about substantive measures to increase cyber cooperation, ranging from coordinating on internet governance issues, deepening our existing cyber security collaboration, streamlining the exchange of information related to cybercrime, and U.S. support for India’s ambitious but essential cybersecurity skills development initiative. These, and other common objectives, highlight the criticality of the U.S.-India relationship, leverage the inseparable ties of our IT communities, and emphasize yet another example of our joint efforts to safeguard critical infrastructure and national security.
Our populations are among the most interconnected on the planet, which is in part a reflection of our shared values. The Internet is an unparalleled platform where voices from every corner of the globe can contribute to political, economic, and social discourse. Discussions on how to manage cyberspace can be difficult, because they touch on the core of our democratic values, including ethics, the role of government in society, and economic liberty. But if we commit ourselves to protecting internet freedom, the digital revolution will continue to power the opportunities our societies cherish most – by helping to strengthen governments, make us safer, boost economic growth, and promote free expression. And those are goals worth fighting for.
Thank you.
source: Speeches & Remarks | New Delhi, India - Embassy of the United States
05 August 2015
Data, Privacy, Security, Lessons from FTC Enforcement Actions
Data, Privacy, Security, Lessons from FTC Enforcement Actions - source: Davis Wright Tremaine LLP - JDSupra
29 July 2015
China, New National Security Law, Effort to Control Cybersecurity
China Adopts the New National Security Law - a Top Legislative Effort to Control Cybersecurity | DLA Piper - JDSupra:
30 June 2015
Domain Name Security and Scam Alert
1f You Can R3ad Th15 – Security and Scam Alert | McCarter & English, LLP - JDSupra:
24 June 2015
Internet of Things, IoT, FTC Data Privacy And Security Enforcement
FTC Commissioner Says That The FTC’s Data Privacy And Security Enforcement Authority Applies To The “Internet of Things” | King & Spalding - JDSupra:
17 February 2015
FTC Landmark Report on Internet of Things, Privacy, Security
FTC Issues Landmark Report on Internet of Things | Morrison & Foerster LLP - Social Media - JDSupra:
FTC Landmark Report on Internet of Things:
Federal Trade Commission Staff Report On the November 2013 Workshop Entitled The Internet of Things: Privacy and Security in a Connected World
Bureau of Consumer Protection January 2015
DOCUMENT:
FTC Staff Report on the Workshop "Internet of Things: Privacy and Security in a Connected World" (655.54 KB)
07 October 2014
ICANN Follies, New gTLD Domain Names, New Security Threats
As ICANN's new generic top-level domains (new gTLDs) are rolled out, new security threats are increasingly being reported:
Recently introduced TLDs create new opportunities for criminals | CSO Online: Sep 22, 2014 "...The [new g]TLDs ... [have] become a goldmine for criminals, who can often bypass network defenses guarding against phishing and C&C communications by using a domain that's outside of the norm. According to researchers at Malwarebytes, many of the newly released TLDs have been linked to various malicious activities on the Web in the last 60-days, including malware propagation and phishing. Some of the [new g]TLDs that were singled out include .pictures, .club, .xyz, .email, .company, .directory, .support, and .consulting... many of them were properly registered. However, the web servers they're pointed at were compromised. Many of the compromised servers were being used to propagate the Angler Exploit Kit. The Angler kit targets vulnerable Internet Explorer browsers, Java installations, and Adobe products. It's also known to attempt an infection without writing the malware to the system's drive, leaving the code running in memory. Angler mostly installs Zeus-based malware, targeting authentication credentials and financial data. At the same time, it's able to deliver any payload available depending on the campaign. Earlier this year, it was linked to a massive phishing campaign, which compromised more than 46,000 systems...." (read more at link above, emphasis added)
https://yourfakebank.support -- TLD confusion starts! - Internet Security | SANS ISC: Sep 16 2014 "Phishing emails per se are nothing new. But it appears that URLs like... [looks similar to this: hxxps://url-bofa.support/BankofAmerica.com] in the phishing email... have a higher success rate with users. I suspect this is due to the fact that the shown URL "looks different", but actually matches the linked URL, so the old common "wisdom" of hovering the mouse pointer over the link to look for links pointing to odd places .. won't help here. But wait, there's more! Since the crooks in this case own the [new gTLD] domain [name], and obviously trivially can pass the so-called "domain control validation" employed by some CA's, they actually managed to obtain a real, valid SSL certificate!..." (read more at the link above, emphasis added)
ICANN's Fresh Top Level Domains: a Gift to Phishers - Infosecurity Magazine: 18 Sep 2014 "... “Pretty much ever since TLD .biz went online a couple years ago, and the only ones buying domains in this space were the scammers, we kinda knew what would happen when ICANN's latest folly and money-grab went live,” SANS researchers said in a bulletin. “It looks like a number of the new top-level domains, like .support, .club, etc. have now come online. And again, it seems like only the crooks are buying.”...." (read more at link above, emphasis added)