This week, we saw an indication of what could be massive disruptions on the Internet. Way back in 2002, I pointed out our continued vulnerability to prefix injection attacks – from intentional and unintentional insertions (see NANOG BGP Security Update). This weekend, we had the Pakistan Telecom Authority (PTA) order their ISPs to block access Read More
Submarine Cable Cuts – What is the Real Story?
We’ve seen a flurry of outages on some of the major submarine cable systems: http://www.getit.org/Mediawiki/index.php?title=Submarine_Cable_Systems_in_the_News Some points everyone is missing. First, as I pointed out on a NANOG post, cable outages happen all the time. Nothing new. that is why we have a large fleet of ships to repair cables. At the time of these Read More
Today’s Cyber-crime – There is always two victims ….
Victimize one to victimize another is one interesting characteristic of cyber-crime over physical world crime. There is the victim of the crime (i.e. the one who lost the money) and the victim who unknowingly gets used to execute the crime. These unknowing victims range from home computers which have been botted, to Service Provider’s whose Read More
“Security” is not a Big Bet, it is a fundelmental technology ….”
In other word, I feel no security pain. If I feel no pain, then security is not a top priority for me. But if I let my investors and customers know that I’m not putting security at the top of my list, they will think badly of me. It is the essential security trap – Read More
E-Bay’s Romainan Deliema
EBay goes far to fight fraud — all the way to Romania December 26 2007 http://www.latimes.com/business/printedition/la-fi-ebay26dec26,0,2611360.story While some may applaud E-Bay’s, the US FBI, US Secret Service, and other’s activities battling cyber-crime in Romania, this article does not paint a picture of optimism. The reality is that we’ve had NO success in Romania – Read More
Are We Ready for IP-NGN?
IBM’s 2007 Survey of SP’s “The State of Security in Carrier Service Delivery” is out and making the rounds of the security trade journals. While surveys like these are obvious marketing tools (i.e. buy IBM’s security consulting services and products), the results are useful data points. “… 87 percent of the curvey participants indicated that Read More
Turning the Corner?
Are we about to turn the corner in our battle with cybercrime? Is our threat vector about to make a dramatic change of direction? Is the really light at the end of the tunnel? A year ago, the available data would have me believe that the problem will never get better. The month all has Read More
Security’s Dilemma – Damed if you do, Damed if you don’t
The Security Trap of all in the profession ….. If you do your security job well … you management ask “What are you doing and why am I spending all the money on security?” If you do not do your security job well …. management ask ” Why didn’t you do something to keep this Read More
Australia, ITU, and the “Botnet Mitigation Toolkit” – Missing the Point
We’re seeing a lot of press visibly around the ITU and a new effort around a BOTNET Mitigation Toolkit. (see Hunters kill off zombies ). It is fantastic that we have another education avenue for Service Provider (SP) Executives, Government Policy Makers, and Regulators. But there is a reality SP Engineering, Operations, and Abuse need Read More
Victimized Customers – Botnet’s Triple Edge of Crime
Security pundits and professionals love to extol the badness of how botnets can be used to perpetrate crime. They unhesitatingly point out how operators allow these botnets to exist unintended, taking up resources, bandwidth, server time, and contagion. For the computers infected with the bots, no sympathy. They are core to the evil of the Read More