Security firm chokes sprawling spam botnet

The efforts of a research firm took down a botnet responsible for 33% of the world’s spam.

The attack was multipronged. First the security firm reported abuses to ISPs regarding certain IP addresses. Secondly, the firm worked with registrars to deactivate registered names. Third, the firm registered backup domains that were not used, and fourth, the botnet was able to generate random domains based on a specific algorithm. The firm understood the algorithm and registered names possibly generated by this algorithm.

The effect was a botnet that had no where to turn. Now the individual bots have been orphaned and the security firm is working with the ISPs to notify the computer owners whose computers were once members of the botnet.

Click here for more information.

MassMutual Warns of Data Breach

Employee and customer data for MassMutual could have been compromised. Data handled by a third party provider was breached.

Click here for more information.

Majority of Web Apps Have Severe Vulnerabilities

A recent report indicates that close to 9 out of 10 web applications could lead to information exposure due to flaws as 87% of the Web applications analyzed had serious vulnerabilities.

60% of Internet-based attacks targeted Web applications. 90% of web vulnerabilities rested with commercial Web applications while 8% rested with browser-run applications.

25% of the attacks were SQL Injection-based with 17% of the attacks being attributed to Cross Site Scripting

Click here for more information.

No Rush to Adopt Domain Names Written in Chinese in China

While ICANN has opened the gates for IDNs to begin in certain countries, China being one of them, it appears there is no great rush to acquire the Chinese equivalent of the currently used Latin character set.

In many cases Chinese organizations have reduced the number of characters to make it easier for Chinese to type in the URL. For example “Tenchnt” is known as “qq.com” for its users. Another company has used “163.com” as the URL for its brand name as companies often associate numbers with their brands.

In one case where someone has already grabbed the Chinese equivalent to one company’s name, the head of the company would like to purchase the name, but feels having it owned by another party would not create any harm to their existing brand.

While the Chinese character sets will aid Internet usage for the older population, the majority of China’s Internet population is already used to the current method of using the Internet.

Click here for more information.

Google’s “AppEngine” application was used by cybercriminals to act as the master control channel, feeding commands to large networks of infected computers.

Also, it was found that the Koobface botnet was using Google Reader to spam malicious links to social networking sites; one of which being Facebook.

Click here for more information.

Gumblar Botnet Resurges

Known as one of the largest botnets that grew dramatically this year, Gumblar has reappeared.

Gumblar works in two ways. The first is to load malware onto sites. When users visit the sites malware is downloaded onto their computers. The second way Gumblar works is to populate websites with I-frames pointing to websites containing the malware.

Click here for more information.

New Spamming Botnet On The Rise

Currently sending 2.5 billion spam messages globally a new Botnet, known as “Festi” has quickly jumped to the rank of 5% to 6% of all spam generated. The jump means more bots (or compromised computers) were added into its botnet with 60% located in Asia, 18% in Europe and 9% in North America.

Click here for more information.

Practical Analysis: The Fastest-Growing Security Threat

Having grown from a few thousand a day a year ago to more than 500,000 a day SQL Injection is the fastest-growing security threat. Through the use of automated tools cybercriminals are searching for which sites are vulnerable to SQL injection. Such attacks allow hackers to break into networks that can lead to the breach of sensitive data.

Click here for more information.

UK to push for law to retain all communications data

Citing the EU Data Retention Directive does not go far enough and to prevent serious crime and terrorism the British government is pushing for its ISPs to capture and hold data regarding instant messages, e-mail and other electronic communications. The data retained would also include data from third-party services. The data is to be retained by the respective ISPs and not in a centralized database.

Click here for more information.

.TM Names Are Now One of the Most Secure on the Internet

Catering to trademarked and brand-conscience corporations serious about their corporate image the .TM Domain Registry has signed with DNSSEC, providing its users with enhanced security against phishing and the malicious community. As a first-of-its-kind for DNSSEC, .TM domain owners can update their DS records in real time.

Click here for more information.

Facebook Phishing Attack Powered by Zeus Botnet, Researchers Say

Asking Facebook users to click on the e-mail provided link to receive their updated password, phishers are using this method as another way to trick users in revealing their usernames and passwords.

Sending the phishing messages at 30,000 per minute as shown researchers the messages are coming from the Zeus botnet.

Click here for more information.

Internet phone systems become the fraudster’s tool

A new angle from cybercriminals include obtaining banking credentials by placing calls FROM the bank. Hackers are breaking into the phone systems of smaller banks because:

• Smaller banks can’t afford the security resources of larger banks.

• People like to bank with smaller local banks.

Hackers will break into phone systems and place calls to customers from the bank’s phone system. Using a prerecorded message regarding suspicious account activity bank customers are asked to respond by inputting their account number and ATM password.

This form of hacking is becoming easier because many of the phone systems are now Internet-based using VoIP.

Click here for more information.

U.K. Proposes To Cut-Off Pirates Internet Connections

The UK looks to curb illegal downloads by disconnecting violators from the internet. Violators would first receive a letter, followed by Internet slowdowns if they persist. If continued violators would face disconnection from the Internet. At this point Britain is looking at France’s 3-Strikes law in that disconnection would occur for a year.

Not mentioned was France’s use of a violator going before a judge to have their day in court before Internet connectivity has been disconnected. ISPs are not in favor of the UK’s move fearing they would have to become the police of the network.

Click here for more information.

Symantec reveals lack of confidence in online retailers

A recent study shows those in the UK have a higher trust in banks protecting their information than other organizations specializing in online retail. The same holds true with Germany in that, while not as confident as the Brits, Germans are more inclined to trust banks with their personal information than they are online-retailers.

Click here for more information.

China Expands Cyberspying in U.S., Report Says

A Congressional commission, formed in 2000 to investigate security implications of growing trade with China, found China’s efforts of extracting close to $40 to $50 billion worth of intellectual property from the US. The main target of this cyber espionage is that of defense technology.

Due to the sophisticated and targeted nature of the attacks, it is believed China is directly behind the effort as the information is specific and not something easily sold on the open market.

Click here for more information.

FBI and SOCA plot cybercrime smackdown

As reported in yesterday’s News Bits, the FBI, in conjunction with other foreign groups that deal with cyber crime are stepping up their efforts to curb organized cyber crime. The following story illustrates the extent to which cyber crime has become organized.

The Russian Business Network (RBN) was one such target. While eventually brought down it was discovered the RBN had, in its pocket, the local police, local judiciary and the local government of St. Petersburg. While surpassing all of the hurdles placed in their way the RBN was eventually brought down, however no prosecutions were made. The RBN is believed to have resurfaced under a different business model.

Click here for more information.

CRTC to allow telecoms to throttle web traffic but with new rules

Canadian views on Net neutrality are that it’s OK for network providers to throttle back traffic when necessary.

Under claims that telecoms used their power to throttle certain web usage the CRTC decided to implement stricter rules on when throttling may occur.

First of all, it is the CRTC’s preference that carriers invest in their network so capacity problems are not an issue. However, if capacity issues arise carriers can:

• Manage traffic by placing higher charges for heavy users of the Internet instead of limiting traffic.

• Throttling traffic only after retail customers receive at least 30 days notice while wholesale customers receive at least 60 days notice.

It was also noted that ISPs, who sell their broadband services in bulk to wholesalers can’t discriminate between the wholesaler and the ISP’s own customers.

Click here for more information.

Europe Paves Way for Three-Strikes Style ISP Disconnection Policy

The EU Parliament appears to be backing down to a more general form of legislation regarding illegal download of copyrighted material. The original, favored proposal was to have potential abusers disconnected from the Internet only after a judicial ruling. The new amendment drops the judicial ruling opening the way for ISPs to disconnect users without having a prior judicial review.

Click here for more information.

Pacnet addresses broadband demand in Asia

Connecting, through undersea cable, Hong Kong, China, Korea, Japan, Taiwan, the Philippines and Singapore, Pacnet is working to address the increased need for capacity by upgrading the Asian undersea cable network with an additional 3,600 Gbps of capacity.

The need for increased bandwidth comes from the increasing amount of digital content created in Asia. A 48% compound annual growth rate is expected between 2009 and 2015.

Click here for more information.

The broadband adoption dilemma

With approximately 96% of American households having access to broadband services, roughly 33% choose not to subscribe to broadband. The FCC would like to understand what is preventing people from converting to broadband. Of the 33% who choose not to subscribe, a sizable portion of those 33% who use the Internet do so through dialup.

Click here for more information.

ChoicePoint to pay $275,000 in latest data breach

Having already paid $15 million dollars after a 2005 data breach in which information on 163,000 people was compromised, resulting in 800 cases of identity fraud, the company was fined again for a 2008 data breach that resulted in personal information for 13,750 people being exposed.

An electronic security tool was turned off, used to monitor one of its databases. The switched-off monitor went unnoticed for 4 months. Unauthorized searches commenced for 30 days during the 4 month time period.

In addition to the fine ChoicePoint will need to provide reports to the FTC every two months for two years.

Click here for more information.

Experts See Forecast Worsen for Cybercrime

As reported in News Bits, cybercrime has become organized. Cybercrime is now part of Organized Crime. While the technology behind such organized criminal activity becomes more sophisticated, organizations fighting cyber crime are also adapting.

Law enforcement has a five piece strategy for fighting cyber crime.

• Infiltrate organized cyber crime groups where possible.

• Follow the money trail used for purchasing stolen data.

• Track stolen data so cards can be shut down before used.

• Revoke IP addresses of the servers used by cyber criminals.

• Issue public advisories to help educate and warn people of online hazards.

Click here for more information.

How is the Universal Service Obligation in Finland to be funded?

News Bits earlier reported that a new law passed in Finland declares broadband to be a legal right for its citizens.

With currently a 95% penetration, where will the money come from to connect the remaining 5% to the Internet?

First of all, the government has defined what is “acceptable” for Internet services. This minimum standards is to help the providers ensure they meet minimum level requirements.

Secondly, the cost of the service will come from the telecommunications operators, not directly from the citizens.

Third, the service providers will have the option to determine which technology they wish to use, whether that be DSL or wireless.

Fourth, FICORA (the Finnish Communications Regulatory Authority) would monitor pricing. If an unreasonable financial burden occurs for the any of the network providers FICORA will determine to what extent and request compensation for the network provider from state funds.

Click here for more information.

Internet advertising appears to begin its comeback

With people spending more time online, organizations are spending more of their advertising budget towards online advertisement. Online advertisement is not only less expensive than other forms of advertisement, online ad spending is easier to quantify.

By 2013 Internet advertising is to increase to 19% of all advertising revenue worth nearly $87 billion. The top spot, however, remains with television advertising with 36% of the market, worth $168 billion followed by newspapers with 20% of the market worth $92 billion.

The interesting aspects to note are while the newspaper ad space is still predicted to retain its number 2 slot, it does so only after a slide from 28% of the market in 2004 down to 20%. On the flip side Internet advertising has increased from its 2004 level of 4% up to 19%.

Also, Internet ad sales can be directly related to visits as companies can pay for ads only when their ads are clicked on by Internet users.

Click here for more information.

75% of Brits against cutting off illegal downloaders

While some countries have implemented “3-Strikes” laws that are aimed at punishing those found to be downloading illegal content by disconnecting such users from the Internet, Britain struggles with the issue. With the government in favor of implementing some form of punishment for illegal downloaders through Internet disconnection the government is looking to the ISPs to monitor and implement such actions.

ISPs, and now nearly 75% of Britain’s are opposed to having peoples’ Internet connectivity automatically cut-off for illegal downloading.

ISPs are against the process as it will cost an additional £1 million a day to implement. Citizens are not in favor of the automatic cutoff as they feel each case should be heard in court before judgment is passed. The British also feel that individual court cases would also protect users whose Internet connections were unknowingly used for purposes of illegal downloads.

Click here for more information.

Verizon CEO slams Net neutrality

As the Net neutrality debate continues in the US, pressure continues to mount from people and organizations on both sides of the issue.

To continue the topic Verizon’s CEO and Vint Cerf lend their opinions to the topic. Verizon’s CEO is adamantly against the FCC taking 6 Internet principles and moving them towards official regulation. The CEO says such “… regulation would pit network providers against application providers in a way that would ruin the Internet’s potential for economic growth and societal change.” He also feels network providers would not be able to obtain a return on investment towards trying to keep pace with network and bandwidth needs. He also feels the FCC would be more constructive if it spent its time towards increasing the amount of available wireless spectrum.

Vint Cerf, who favors Net neutrality, feels “the issue is nondiscriminatory against applications and against consumer choice.” He further states that, “… the fundamental concern is that the provider of broadband service not be able to take advantage of that to act in an anticompetitive fashion against others that are trying to provide competitive applications using the same broadband facilities.”

Click here for more information.

EU taunts US: Net neutrality’s better here

While the debate on Net neutrality begins to heat up in the US, with sides trying to decide on definitions before moving forward, the EU Commissioner in charge of Information Society and Media says Europe’s regulated approach to fostering competition will fair better than the deregulated approach argued by some in the US. This comment takes aim at the republican efforts to allow the Net to operate according to market demands.

Click here for more information.

What will talking power meters say about you?

Power companies are making the move towards installing intelligent devices at each home to make more efficient use of power distribution. Greater amounts of power will be provided when needed and power will be cut back by the power companies when power demand is at risk of outage. From the initial outlook the prospect of a “smart grid” is promising through the deployment of smart meters at each household.

The following story brings about what might happen with data collected on your power consumption habits. Might law enforcement utilize the information to determine the correctness of an alibi? Might credit bureaus or insurance companies penalize you because your power consumption patters match those of “troublesome” customers?

Obtaining information? California’s Pacific Power and Electric says it projects storing 170 megabytes of date per smart meter per year. What will be done with the data? What if the data is cross referenced by other organizations who have access to the information, whether through legal means or through purchase? Speculation at this point, however Europe has adopted a “data minimalization” approach to data collected by its utility companies. “Data minimalization” means utility companies are legally bound to collect only that information which is necessary to complete a transaction. As soon as the information is no longer needed the information is deleted.

Click here for more information.

Hackers Exploit Year’s fourth PDF Zero-Day

A bug has been determined through Adobe’s reader that allows hackers to gain control of a user’s computer through a user opening up a PDF document. While the vulnerability include the Mac and Linux platforms, the only reports Adobe has heard of are those dealing with the PC platform. Attacks thus far appear to be targeted towards executives, with the goal of obtaining confidential information from their computers.

Click here for more information.

Botnets Behind Most Modern Malware Infections

Botnets have traditionally been used for the distribution of spam. While still used for the distribution of spam a growing trend is how cyber criminals are utilizing botnets for the distribution and activation of malware.

The common aspect of all botnets is all bots need to receive instruction from a command and control server. In this case cyber criminals are finding botnets provide an extra layer of anonymity they didn’t have before. If officials are wishing to trace back a malicious attack via IP address they will now be met with the IP address of a computer which has been turned into a bot.

Click here for more information.

Bitbucket’s Amazon DDoS – what went wrong

News Bits recently reported on Bitbucket’s 19 hour outage due to a DDoS attack. Utilizing Amazon’s Elastic Compute Cloud to provide Bitbucket’s scalable processing resources, the following story looks at the aftermath of how the attack was able to occur and for how long. The story discusses several exposures that allowed the attack to last for such a long period of time.

Some of the problems dealt with where, on the network, Bitbucket’s storage was located. It was also discovered where the cloud’s QoS implementation did not work as expected.

Click here for more information.

Time Off

Please note News Bits will not be published next week due to a week off. Enjoy your week!

US relaxes grip on the internet

Today marks the end of the Joint Project Agreement (JPA) between ICANN and the US Government. The JPA was designed for the US government to review the work of ICANN.

The JPA is being replaced by the Affirmation of Commitments; a document turning the review process to the global Internet community. Instead of producing and submitting reports to the US government for review ICANN will now be submitting reports to the international community for review and input.

The US will have a permanent seat on the accountability panel; one of three groups designed specifically for overseeing ICANN’s work. The US will also have a seat, along with close to 100 other countries, on the GAC (Governmental Advisory Committee). ICANN is still under contract with the US Government to run the Internet Assigned Numbers Authority (IANA), a contract set to expire in 2011. IANA oversees the Internet’s addressing system.

Click here for more information.

Banking Trojan steals money from under your nose

The URLZone Trojan has landed on German Windows-based computers. Exploiting holes in Firefox, IE6, IE7, IE8 and Opera, the Trojan, when a user logs into their bank for financial transactions, will log the users credentials, transfer funds from the user’s account to another account while at the same time displaying a false balance to the user. Subsequent logins by the user will continue to show false amounts. The only way for the user to discover the imbalance is if the user logs into an account from a different computer, uses the ATM or is notified of insufficient funds.

Click here for more information.

Dutch ISPs Sign Anti-Botnet Treaty

14 of the Netherland’s ISPs, covering 98% of the country’s Net users, banded together to fight botnets. While working with end users to clean up infected machines is a money looser for ISPs, having to continually deal with DoS and DDoS attacks is also a large waste of resources and money. Such a move also aids in the resilience of the Netherlands’ Internet structure as the more computers that can be controlled from outside of the Netherlands’ boarders lessens the chance that such compromised systems can launch an attack on the Netherlands from within its own borders.

The ISPs will:

• Exchange relevant information among the cooperating ISPs

• Quarantine infected computers

• Notify end users of possible infection

Last month News Bits reported a similar initiative by Australia’s ISPs through the country’s Internet Industry Association (IIA).

Click here for more information.

Researchers unmask two faces of zombie networks

Responsible for 87.9% of all junk e-mails, botnets are the root of such nuisance

Cutwail, once responsible for 45.8% of all spam essentially collapsed with the take-down of California-based ISP 3FN. Filling in for Cutwail are Grum, responsible for 23.2%, and
Bobax, responsible for 15.7% of spam. The new botnet on the block regarding spam is Maazben, account for 1.4% of spam messages in September. Maazben has grown since the month before the botnet produced 0.5% of spam.

Rustock is the only botnet, accounting for 1.3 to 1.9 million bots, that spews spam on a regular cycle.

The other side of the botnet world deals with what was reported in News Bits earlier this month; the development of small, boutique botnets designed to extract information from within enterprise networks.

Click here for more information.

Confiker Showdown: No End In Sight

With a botnet size of 5.5 to 6 million computers Confiker seems far from going away. The three variants of Confiker, A, B and C continue their infection rate despite the efforts from organizations to develop tools designed to eradicate the Trojan. While the size of Confiker C continues to decline Confiker’s earlier versions, A and B continue to form a massive botnet of around 5.5 million computers.

Countries most impacted by Confiker are Brazil, China, Vietnam, Russia, Indonesia, India, the Philippines, Thailand, South Korea and the Ukraine.

Click here for more information.

Singapore to Form National Cyber-Security Agency

The Singapore Infocomm Technology Security Authority (SITSA) is a new government-sponsored agency designed to deal with threats to national security. Such threats include external threats such as cyber-terrorism and cyber-espionage. SITSA will reside under the Internal Security Department of Singapore’s Ministry of Home Affairs.

Click here for more information.

Up to 9 Percent of Machines In An Enterprise Are Bot-Infected

Bot infections are on the increase in enterprise networks. Smaller than the traditional BotNets, these smaller botnets (nearly 60% of the 600 botnets studied in a recent survey) have only a handful to a few hundred bots that make up the botnet. Only 5% of the bots found on enterprise networks were tied to the large botnets, such as Zeus/ZDbot and Koobface.

Bot growth within enterprise networks grew 5%-7% last year and is in the range of 7%-9% this year.

Analysis shows the smaller botnets are more focused in their attacks. They are also more “aware” of the network on which they reside, receiving commands to navigate network shares, retrieve files and access databases. The information retrieved is later up for sale on the cybercriminal market.

To help avoid detection, such botnets utilize different pieces of malware. Damballa, one of the larger botnets, consisted of 50,000 machines, yet operated on just less than 100,000 different forms of malware. Even the smaller botnets use hundreds of different malware pieces.

Click here for more information.

Malware torrent delivered over Google, Yahoo! Ad services

Cyber criminals were able to slip malicious banner ads onto ad syndication services operated by Google, Yahoo and ValueClick. Users, clicking on the malware-laced ads, found their computers infected with a Trojan. After three days the malicious ads ended when the website disappeared.

Click here for more information.

Pill spam: The hard figures

At the heart of the Canadian pharmacy spam engine is the Russian affiliate of spam and malware known as “partnerka”, boasting 124,000 Canadian pharmacy websites where takers of the spam e-mail can purchase their pills. Of the “partnerka”, GalvMed powers the Canadian Pharmacy websites. GalvMed’s sister organization, SpamIT, is allegedly the behind the Storm, Waleded and Conficker botnets.

With an average order of $200 and a commission fee as high at 40%, 20 drug purchases per day can yield $1,600 in commissions per day.

Click here for more information.

UK Music Artists Agree Softer Policy to Tackle Illegal ISP File Sharers

In the wake of “3-Strikes” laws either passing or being defeated, UK music artist agree with a 3-strikes law with a twist. Instead of disconnecting a user from the net, who has already received two warnings to stop their downloading of illegal music of videos, or sending them before a judge to pass judgment on whether they are to keep their Internet connection as well as pay fines, this group of UK artists have agreed to restrict bandwidth instead of completely disconnect the user. Under this proposal bandwidth would be restricted to the point where the downloading of music or videos would no longer work, but they could still access websites and use e-mail.

Click here for more information.

Spuds and Spam: Idaho No. 1 Most Spammed State

While this story talks about the most, and least spammed states in the US, the interesting statistic is on a global basis, 4 and 6 million bots worldwide produce the majority of the globe’s spam. Such botnets serve-up over 87% of all unsolicited e-mail, which roughly equates to 151 billion spam e-mails per day.

Click here for more information.

Chinese hackers target media in anniversary run-up

A flurry of e-mails are circulating throughout China containing attachments designed to exploit flaws in Adobe’s applications. At risk is the installation of a Trojan. It is not uncommon for malicious e-mails to circulate around China prior to an important event. October 1 is the 60th anniversary of the Communist party coming to power in China.

It is not known if the Chinese government is behind the attacks, or simply closes its eyes and lets it happen. Those targeted with the e-mail have all been hired through the Chinese Foreign Ministry.

It is also expected that prior to October 1 the government will initiate stricter ISP-level censorware filters.

Click here for more information.

Bold Rwanda takes broadband leap

With 50% of its population aged 14 years old and younger, the country’s president knows they will be looking for jobs in 4 to 5 years. Having stated wishing for Rwanda to become the Singapore of Africa, as far as attracting businesses and turning the country into a hi-tech economic innovator, the president knows the Internet is key to attracting business and sourcing jobs. Broadband is key to realizing this dream. By November this landlocked country is expected to be connected to the new undersea fiber cable that runs along east Africa. Current Internet access is via slow speed and expensive satellite connectivity.

As reported in previous News Bits stories, the connectivity currently realized by Kenya has not brought the high speeds and low costs as expected. So while Rwanda may face the same initial reality, it is the start towards moving towards their dream.

Click here for more information.

Most Businesses ready for Flu Pandemic?

The H1N1 has continued to spread around the globe. Fortunately analysts are reporting the flu is weaker than expected, however, as with other flu strains, one strain can mutate into a stronger form.

What this has done if force organizations to think how they will handle a sizable employee outage should the flu impact their ortanization’s community of employees. 71.4% of public sector organizations and 71.4% of private companies have business continuity plans in place. Only 55.6% of the private organizations have addressed the H1N1 flu threat in their plans. 70.8% of public organizations have addressed the H1N1 flu threat.

Comment: In the mid 2000s the Bird Flu posed an ominous threat. At that time, in talking with the emergency manager of a large, global corporation along with the emergency manger for one of the US’ major government agencies, key to both organization’s continued operation was the Internet. Having a reliable Internet with broadband connectivity for its employees was of major importance. All of this underscores the value of organizations forming the Internet’s substructure. This also underscores the fact that broadband is becoming a resource critical to a nation’s infrastructure.

Click here for more information.

French parliament approves ‘three-strikes’ anti-piracy law

Struggling to reach final agreement, forcing the bill to go through committee for final compromises, the French parliament finally passed by close to a 2 to 1 margin. The bill provides for tougher penalties as well as hands judgment to a judge instead of an automated process. The bill also can penalize one for not securing their Internet connection, thus nullifying to option for defendants saying it was not their fault and that it must of have been someone who “used” their link.

The first bill passed by the parliament was declared unconstitutional by France’s supreme court.

Click here for more information.

Network Neutrality’s Real Battle: Mobile

While the FCC is moving forward to embrace Network neutrality the main conversation has rested with neutrality of traditional, wired networks. The largest part of the discussion that still needs to be heald deals with extending Net neutrality on wireless networks.

With the recent explosive use of wireless networks one fear is such networks cutting VoIP applications so as to keep customers hooked on traditional cell phone minute plans. Trade groups are already raising areas of regulation on wireless networks would stifle innovation and cripple already overcrowded networks.

Click here for more information.

Repub Bill Would Choke New Network Neutrality Rules

As reported in yesterday’s News Bits, the FCC Chair added two more principles he hopes will be adopted into official commission rules regarding embracing Net neutrality.

In reaction to the chairman’s move, six republicans have introduced a bill that would stop the FCC from spending money on any new regulatory mandates. The republicans fear the new regulatory restrictions and mandates would stifle investment incentives.

Click here for more information.

Scaling the Root

An independent, third party organization was selected to analyze the impact of scaling the root in order to meet future needs currently on the horizon.

Currently the root zone is relatively small and changes slowly. This is expected to change with the support of DNSSEC, the addition of IDNs, support for IPv6 and the addition of new TLDs.

As a result of the study it is found DNSSEC will have the largest impact to the root zone and is suggested that DNSSEC be added prior to the addition of IDNs, IPv6 and new TLDs. While the addition of new TLDs will have an increased entry of 1 per new TLD, the implementation of DNSSEC results in a increase of the root zone data by 4.

Another way of looking at impact of changes is:

• New TLDs and IDNs will increase the number of TLD entries in the root zone.

• New TLDs, DNSSEC, IPv6 and IDNs will, in their own right, will increase the size of the root file.

• DNSSEC, IDNs and IPv6 will increase the amount of data required for each TLD.

• DNSSEC and IPv6 will increase the number of variables per TLD.

• DNSSEC and IPv6 will increase the number of changes per TLD per year.

Click here for more information.

Security Just Got A Lot More Complicated

Remaining undiscovered for more than a year, security researchers stumbled across an new form of malicious software. Known as Induc, this innovative piece of malware performs its nasty business through the use of a compiler. Induc infects compiled code while leaving a program’s source code alone. So while the source code looks fine the malware resides in the unreadable compiled code. Induc currently operates upon Delphi, versions 4.0 to 7.0. What makes this harmful is the malicious code can reside in complied code that has been digitally signed since the source code has remained untouched.

Click here for more information.

Facebook app flaws create Trojan download risk

A Romanian hacker has discovered Facebook applications that have cross-site scripting vulnerabilities. Five applications developed by Newscloud have been discovered to have the vulnerability. At this point access to the five applications have been blocked by Newscloud.

Click here for more information.

FCC chairman proposes Net neutrality rules

Net neutrality is, “…not about government regulation of the Internet. It’s about fair rules of the road for companies that control access to the Internet” says FCC Chairman, Julius Genachowski.

October is the expected timeframe for when an FCC panel will vote on adopting general guidelines into official commission rules.

The six principles that may be turned into official commission rules are:

1. “Accessing content. The first rule states that consumers should not be limited in the content they choose to view online, as long as it’s legal.”
2. “Using applications. Internet users should be able to run any application they want as long as they don’t exceed service plan limitations or harm the provider’s network. ”
3. “Attaching personal devices. Consumers should be permitted to connect products they buy to their Internet connection, as long as the devices operate within the service plan and do not harm the network or enable theft of service. ”
4. “Obtaining service plan information. Customers should be able to easily review their options when buying Internet service plans and learn about how those plans protect against spyware and other invasions of privacy. ”
5. “New rule: Non-discrimination. Internet providers would be prohibited from selectively blocking or slowing Web content or applications. ”
6. “New rule: Transparency. Providers would be required to make their network management practices clear and available to consumers. ”

Click here for more information.

Tech Insight: How To Make Business Partner Security Work

In a study of 500 data breaches over the last 4 years, 57% involved partner networks used by an external attacker. Understanding what data partners need to have access to and at what times can allow access to be tightened, thus mitigating damage due to data breaches.

Click here for more information.