http://www.circleid.com/rss/rss_news/

CircleID: News Briefs



Latest news postings on CircleID



Updated: 2017-02-24T01:22:00-08:00

 



FCC Gives Approval to LTE-U Devices

2017-02-23T17:22:00-08:00

Ericsson, Nokia get go-ahead for LTE-U base stations despite early fears they might interfere with Wi-Fi – Jon Gold reporting in Network World: "The Federal Communications Commission today approved two cellular base stations — one each from Ericsson and Nokia — to use LTE-U, marking the first official government thumbs-up for the controversial technology. ... T-Mobile has already announced that it will be deploying LTE-U technology… Other major tech sector players, including Google, Comcast, and Microsoft, have expressed serious concerns that LTE-U doesn't play as nicely with Wi-Fi as advertised."

Follow CircleID on Twitter

More under: Mobile, Policy & Regulation, Wireless




Security Researchers Announce First SHA-1 Collision, Confirming Fears About Its Vulnerabilities

2017-02-23T16:50:00-08:00

In a joint announcement today, Dutch research institute CWI and Google revealed that they have broken the SHA-1 internet security standard "in practice". Industry cryptographic hash functions such as SHA-1 are used for digital signatures and file integrity verification, and protect a wide spectrum of digital assets, including credit card transactions, electronic documents, open-source software repositories and software updates.

"Today, 10 years after SHA-1 was first introduced, we are announcing the first practical technique for generating a collision," said the Google Team in a blog post today. "This represents the culmination of two years of research that sprung from a collaboration between the CWI Institute in Amsterdam and Google. ... For the tech community, our findings emphasize the necessity of sunsetting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates. ... We hope our practical attack on SHA-1 will cement that the protocol should no longer be considered secure."

What types of systems are affected? "Any application that relies on SHA-1 for digital signatures, file integrity, or file identification is potentially vulnerable. These include digital certificate signatures, email PGP/GPG signatures, software vendor signatures, software updates, ISO checksums, backup systems, deduplication systems, and GIT." https://shattered.io/

"This is not a surprise. We've all expected this for over a decade, watching computing power increase. This is why NIST standardized SHA-3 in 2012." Bruce Schneier / Feb 23

More under: Cyberattack, Security




FCC Rolls Back Net Neutrality Transparency Rules for Smaller ISPs

2017-02-23T13:54:00-08:00

The Republican-controlled FCC on Thursday suspended the net neutrality transparency requirements for broadband providers with fewer than 250,000 subscribers. Grant Gross from IDG News Service reports: "The transparency rule [official FCC release], waived for five years in a 2-1 party-line vote Thursday, requires broadband providers to explain to customers their pricing models and fees as well as their network management practices and the impact on broadband service. The commission had previously exempted ISPs with fewer than 100,000 subscribers, but Thursday's decision expands the number of ISPs not required to inform customers. Only about 20 U.S. ISPs have more than 250,000 subscribers. The five-year waiver may be moot, however."

More under: Access Providers, Net Neutrality, Policy & Regulation




NTIA Extends Comment Period for Its Paper "Fostering the Advancement of the Internet of Things"

2017-02-23T10:52:00-08:00

Robert Cannon writes: Over the past year, the National Telecommunications and Information Administration in the Department of Commerce has convened a series of meetings and sought feedback on the policy implications of the Internet of Things. In January, prior to the administration transition, NTIA released a draft working paper Fostering the Advancement of the Internet of Things (also reported here on CircleID). It is unclear how agency work released in January might survive the transition. However, indicating that NTIA's IoT paper is still viable, NTIA under the new administration released a notice extending the comment period on the draft. Comments will now be accepted until March 13, 2017.

More under: Internet of Things, Policy & Regulation




SBI, One of India's Largest Banks, Switching Its Domain to Branded TLD, bank.sbi

2017-02-22T15:26:00-08:00

The State Bank of India (SBI) has announced it will be switching its domain name from "sbi.co.in" to the branded "bank.sbi", according to various news sources. SBI is the first banking organization in India to move its online presence under a new gTLD. With the switch to the branded TLD, SBI has said it aims to simplify the digital experience of customers and bring in enhanced security against phishing and lookalike websites. "SBI being the largest bank has always been the pioneer in adapting new technology. SBI has always believed in providing high-tech yet secure internet experience to its customers. Bank's own gTLD is another step in this direction," SBI's Chairman Arundhati Bhattacharya said in a statement.

More under: Domain Names, Top-Level Domains




Hacked ICANN Data Still Selling on Black Market Years After Breach

2017-02-22T14:54:00-08:00

"Three years after hackers used a spearphishing attack to successfully gain access to internal data at the Internet Corporation for Assigned Names and Numbers (ICANN), the data is still being passed around and sold on black markets for $300, complete with claims that it’s never been leaked before," reports Patrick O'Neill in CyberScoop. "The 2014 breach allowed hackers to take ICANN’s internal emails and wiki, its administrative data files, its blog and the Whois portal. ICANN, which has been the target of many cyberattacks over the years, possesses much more critical information due to its day-to-day management of top-level domains ... The fact that nothing else slipped out is a testament to good security. But even a little data from such an important organization has black-market value for years."

More under: Cybercrime, Security




Interpol's Michael Moran Receives 2017 M3AAWG Litynski Award

2017-02-22T14:38:00-08:00

Michael "Mick" Moran, assistant director of INTERPOL's Vulnerable Communities Unit, was honored at the 39th general meeting of the Messaging, Malware and Mobile Anti-Abuse Working Group for his personal commitment to this challenging work and for fostering international cooperation to fight online exploitation. Moran, who has helped rescue thousands of child abuse material victims since he started working in the field in 1997, challenged the internet industry to do more to protect innocent children as he received the 2017 M3AAWG Mary Litynski Award.

The M3AAWG Mary Litynski Award recognizes the life-time achievements of a person whose work has significantly contributed to the safety of the online community. In his acceptance presentation and in a video for the M3AAWG YouTube channel, Moran outlined some of the changing strategies in battling child abuse materials and offered suggestions on how the industry can better safeguard its networks.

More under: Cybercrime, Security, Web




Deloitte: DDoS Attacks to Enter Terabit Era in 2017

2017-02-22T14:10:01-08:00

Distributed Denial-of-Service (DDoS) attacks will become larger in scale, harder to mitigate and more frequent, says Deloitte in its annual Global Predictions 2017 report. It predicts "there will be on average a Tbit/s (terabit per second) attack per month, over 10 million attacks in total, and an average attack size of between 1.25 and 1.5 Gbit/s (gigabit per second) of junk data being sent. An unmitigated Gbit/s attack (one whose impact was not contained), would be sufficient to take many organizations offline."

The anticipated escalation in the DDoS threat is based on three concurrent trends: the growing installed base of insecure Internet of Things (IoT) devices; the online availability of malware methodologies, such as Mirai, which allow relatively unskilled attackers to corral insecure IoT devices and use them to launch attacks; and the availability of ever higher bandwidth speeds.

Entities that should remain particularly alert, according to the report, include: retailers with a high share of online revenues; online video games companies; video streaming services; online business and service delivery companies (financial services, professional services); and government online services (for example, tax collection).

The report also shares a range of options that companies and governments should consider to mitigate the impacts of DDoS attacks – they include: decentralizing, bandwidth oversubscription, testing, dynamic defense among others. (Full report available here)

More under: Cyberattack, DDoS, Internet of Things, Security




CFR Report: Reversing IANA Transition by Trump Administration Would Be a Grave Mistake

2017-02-22T12:19:01-08:00

The Council on Foreign Relations has released a brief today authored by Megan Stifel, former director for international cyber policy at the U.S. National Security Council in the Obama administration, urging the Trump administration not to back away from the IANA transition and instead to invest in the multistakeholder process. In the report titled "Maintaining U.S. Leadership on Internet Governance," Stifel writes: "Given President Trump’s campaign statements, the U.S. government might attempt to reverse the IANA transition, possibly through lawsuits or by unilaterally reimposing NTIA’s oversight function. Such a move would be a grave mistake."

"Given that the transition is effectively irreversible, the United States needs to respond to new institutional and political realities and find alternative ways to maintain its influence on internet governance."

"Reversal of the transition would also undermine ICANN’s critical operations beyond administering the IANA functions, such as managing domain names. The appearance that ICANN is susceptible to the whims of the U.S. government threatens the integrity of its decision-making processes, which may discourage businesses and civil society groups from continuing to voluntarily participate in them."

"Short of reversal, the Trump administration might choose to distance itself from internet governance matters to delegitimize a model it does not believe in. This too would be a mistake because it would reduce U.S. influence over internet policy and leave authoritarian regimes to fill the vacuum."

Also included in the brief is a set of recommendations for the U.S. government to reduce critical Internet vulnerabilities, build trust, and empower newcomers to the Internet governance process. Read the full report here.

More under: Internet Governance, Policy & Regulation




Upcoming Event: DNS Measurements Hackathon 2017

2017-02-16T13:32:00-08:00

RIPE NCC will be hosting the fifth hackathon event in Amsterdam, on 20 and 21 April, 2017. Operators, designers, researchers and developers are invited to take on the challenge and join in developing new tools and visualizations for DNS measurements.

More about this event from RIPE NCC:

The RIPE NCC's fifth hackathon event offers an opportunity for collaboration on the development of new tools for DNS operators using data provided by the RIPE NCC (via RIPE Atlas, DNSMON, etc.). The event will bring together people with a variety of skills so as to encourage the combination of different types of expertise and inspire creativity.

Participants in the hackathon will discover new ways of tapping into the rich source of DNS measurement data to devise and implement helpful tools and create informative visualizations. This is your chance to get involved, get in touch with other people working in your field, get access to the RIPE NCC’s DNS measurements data and get to work on making something that could be of benefit to the entire internet community.

When & Where:

Date: 20-21 April 2017
Time: Thursday 9:00-19:00, Friday: 9:00-21:00 (including social event)
Location: Amsterdam, the Netherlands

Interested in participating? See the full details here.

More under: DNS




Security Expert Bruce Schneier Calls for Creation of New Government Agency for IoT Regulation

2017-02-15T15:33:00-08:00

During a talk at the RSA Conference, security expert Bruce Schneier called for the creation of a new government agency that focuses on internet of things regulation, arguing that "the risks are too great, and the stakes are too high" to do nothing. Rob Wright reporting in TechTarget: "During a wide-ranging talk on internet of things regulation and security at RSA Conference 2017, Schneier, CTO of IBM Resilient, made the case that government intervention is needed to address threats such as the Mirai botnet. He described IoT security as a unique problem because manufacturers have produced many devices that are inherently insecure and cannot be effectively patched, and IoT malware has little impact on the actual devices. Because compromised devices are used to attack third parties ... there is little incentive on the part of the users and device manufacturers to act."

More under: Internet Governance, Internet of Things, Policy & Regulation, Security







ICANN to Push Ahead with New .Africa TLD Despite Ongoing Court Case

2017-02-13T20:41:00-08:00

"Internet overseer ICANN will push ahead with a new ".africa" top-level domain, despite having twice been ordered not to because of serious questions over how it handled the case." Kieren McCarthy reporting in The Register: "Earlier this month, a Los Angeles court refused a preliminary injunction against ICANN that would prevent it from adding .africa to the internet and allowing South Africa-based ZA Central Registry (ZACR) from running it. The decision was just the latest in a lengthy battle between DotConnectAfrica (DCA), which also applied for the name, and ICANN, which decided to disqualify DCA back in 2013 on grounds that were later shown to be highly questionable."

More under: ICANN, Top-Level Domains




Pakistan to Get Its Country TLD in Urdu

2017-02-13T20:30:00-08:00

A resolution was recently passed by the Internet Corporation for Assigned Names and Numbers (ICANN) Board to enable the local community of Pakistan to use and register domain names in its native Urdu language. While Pakistan already has the ".pk" top-level domain, dot Pakistan (پاکستان) is considered an important step towards creating a digital Pakistan through local content. Pakistan's Ministry of Information Technology (MoIT) approved the request for internet registry Pakistan in consultation with stakeholders committee members including Academia, Civil Society, Internet Community, ISPAK, National Language Authorities, PASHA, PTA, and Governments. Once the resolution is fully passed, National Telecommunication Corporation will manage the internet registry پاکستان.

More under: Domain Names, ICANN, Top-Level Domains




Los Angeles Court Rejects Demand for Preliminary Injunction Preventing ICANN Delegating .AFRICA

2017-02-10T11:26:00-08:00

"A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon." Kevin Murphy reporting in Domain Incite: "Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo. The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN."

More under: ICANN, Law, Top-Level Domains




Report on Why Cameroon Has Blocked the Internet

2017-02-08T11:06:00-08:00

Three weeks have passed since reports of Cameroon blocking the internet in English-speaking parts of the country and residents say services have yet to be restored. So what is going on? BBC reports: "Cameroonians have little doubt that pulling the plug on internet services for about 20% of the population is an intentional act by the government. The two regions affected, South-West and North-West, have seen anti-government protests in recent months. ... the authorities had sent text messages direct to mobile phone subscribers, notifying them of penalties, including long jail terms, for "spreading false news" via social media."

More under: Access Providers, Censorship, Internet Governance




Iraq Shuts Down Internet Once Again to Combat Cheating

2017-02-06T11:53:00-08:00

Earlier this morning, the national fiber backbone of Iraq was taken offline in an effort to combat cheating on 6th grade placement exams. Doug Madory reporting in Dyn Research blog says: "2017 marks the third year Iraq has used government-directed internet blackouts to combat cheating on student exams. These recent outages are a continuation of a growing (and somewhat puzzling) trend by governments in many developing parts of the world to cut communications services in a desperate attempt to staunch rampant cheating on high-stakes student exams."

More under: Access Providers, Internet Governance




FCC Ends Inquiries Into "Zero Rating" Programs

2017-02-03T13:04:00-08:00

"AT&T and Verizon just got a free pass from the FCC to divide up the internet," Colin Lecher reporting in The Verge. "Under recently departed chairman Tom Wheeler, the FCC opened inquiries into how companies might be using free data programs to anti-competitively favor certain streaming music and video services. But a new, President-Trump-appointed chairman recently took over at the FCC, and according to letters just posted by the agency, the inquiries have been dropped. ... Companies that offer such programs allow customers to stream music and video without it counting toward a data plan limit, in a process called 'zero-rating'. ... Net neutrality advocates have long contended that such programs harm competition."

More under: Mobile, Net Neutrality, Policy & Regulation, Wireless




Thick Whois Policy for .COM Goes Live

2017-02-02T11:37:00-08:00

"The domain name industry is kicking off one of its most fundamental shifts in its plumbing this week." Kevin Murphy reporting in Domain Incite: "Over the next two years, Verisign and every registrar that sells .com domains will have to rejigger their systems to convert .com from a “thin” to “thick” Whois. This means that by February 1, 2019, Verisign will for the first time control the master database of all Whois records for .com domains, rather than it being spread piecemeal across all registrars."

More under: DNS, Domain Names, Registry Services, Whois




Report Looks at Humanitarian Futures for Messaging Apps

2017-02-01T13:26:00-08:00

To develop responsible, effective and safe ways to use messaging apps, organizations need to better understand the opportunities and risks they present, according to a new research report released by The Engine Room in partnership with the International Committee of the Red Cross (ICRC) and Block Party. From the report: "Messaging apps are the fastest growing form of digital communication ever, with smartphone ownership rising rapidly around the world and messaging becoming many people's favorite way to communicate. But what does this mean for humanitarian organizations? ... In some situations, messaging apps may be the only way that people caught up in armed conflict or crises can communicate with family, friends or humanitarian organizations. Many messaging apps have features that could help humanitarian organizations to reach people who would otherwise be impossible to contact, or to collect information that would otherwise be inaccessible. This information can save lives."

The research asks how and why people affected by crises or armed conflict are actually using messaging apps. When and how is it appropriate to introduce a new technology that not everyone will be able to access? Could communicating with people through these communication channels put them at greater risk? "To find out about these questions and more, we’ve been researching the opportunities and risks involved in using messaging apps in humanitarian situations through interviews and a scan of existing research on the topic."

The full report can be downloaded from this page.

More under: Access Providers, Mobile