FCC

U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) is now posted

The FCC’s Communications Security, Reliability and Interoperability Council’s (CSRIC) has now posted the U.S. Anti-Bot Code of Conduct (ABCs) for Internet Service Providers (ISPs) . This voluntary code of conduct is a milestone for the industry – placing new expectations on the eco-system required to safe guard our telecommunications system. The core of the code Read More

DCWG

DNSChanger – New tool to clean up the infection

DNS Changer (see http://www.dcwg.org/) has been a “thick” piece of malware to remediate. At the start of the take down we have ~600K violated computers. Today we’re at ~400K computers. Not an impressive clean-up record. Why? The operational security community has no effective tools that an average user can use to start cleaning up their Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

Private-to-Private Collaboration with Public Participation

The Cybersecurity Act of 2012 has now been posted. The dialog of representative government as started with enlightenment on what is important to a different interest. Coincidentally, this act is directly applicable to the principle of aggressive private-to-private collaboration with public participation. The act ‘could’ significantly help our cyber-security capabilities OR it could dramatically hurt Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

2012 – A year of Cyber-Security Optimism

The wave of annual cyber-security predictions of doom are coming to a close. Every year security experts would talk about how malware infections are spreading, botnets are going to cause catastrophic damage, the evil “Chinese peril” are stealing everything on-line, and the next Cyber “Perl Harbor” is just around the corner. Many people just ignore Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

If I say it over an over again, it must be true …

“Keeping to your message, repeat it many many time, and ignore the criticism” are key principles of success in Washington DC policy work. It does not matter if the message is true, based on facts, or have any empirical data to support your assertion. The point is the “message” is a tool to support the Read More

I2Cyber

New Intelligence Squared debate – The “Cyber-War” threat has been Grossly Exaggerated

Thanks to Intelligence Squared (I2) and Neustar for first – bring I2 outside of New York  and second for setting up a Oxford style debate to address the “market saturation” of the cyber-warfare threat. I’ve been a strong critic of the over hype, exaggeration, and fiction expounded by “individuals” who call themselves “experts” stirring up Read More

1200px-Conficker.svg

Conficker – the “Fortunate 500”

Conficker has been a dual edge sword to the industry. On one hand, it a nasty “weapons grade” hijacking malware with nefarious consequences – ranging from a platform for crime to a threat  Global Telecom’s, SCADA, and other critical infrastructure.  On the other hand, it is an example of what cyber-civic society can do when Read More

Yoda-in-Star-Wars-Revenge-of-the-Sith

NSP-SEC Top 10 SP Security Techniques – Updated Slides

At NANOG 47, I gave an update to the NSP-SEC Top 10 Security Techniques. This tutorial has the video posted on the NANOG archives. I’ve posted the slides here for those who have not viewed or downloaded them. Slides 1 – 127 Slides 128 – Finish Questions, suggestions, and views are welcomed.

Yoda-in-Star-Wars-Revenge-of-the-Sith

The flaws with the 60 Minute Report on “Cyberwar: Sabotaging the System”

We need to expect more out the press, policy makers, and the pontificating “Cyber-warfare Experts” producing stacks of reports about the “Cyber-security threat.” Graham Messick, the CBS producer of this 60 minutes episode on “Cyberwar: Sabotaging the System,” did not do his due diligence as a reporter. A standard tool for building balance in a Read More