Senior Vice President and Chief Security Officer at Verisign
Joined on May 22, 2008 – United States
Total Post Views: 54,109
Danny McPherson is Chief Security Officer for Verisign where he is responsible for strategic direction, research and innovation in infrastructure, and information security. He advises on corporate strategy, infrastructure evolution and product direction and represents Verisign in key forums focused on critical infrastructure, network evolution, intelligence and availability. With nearly 20 years of experience in the Internet network operations, security, and telecommunications industries, he brings tremendous technical leadership to the company.
Prior to joining Verisign, Danny was Vice President and Chief Security Officer at Arbor Networks where he helped lead the company's overall strategy and product architecture. He also previously held technical leadership positions in network architecture, engineering, and operations with Amber Networks, Qwest Communications, Genuity, MCI Communications, and the U.S. Army Signal Corp.
Danny has been an active participant in Internet standardization since 1996 and is considered one of the top Internet infrastructure and security industry experts. Currently he is a member of the Internet Architecture Board (IAB), Internet Research Steering Group (IRSG), and co-chairs the IETF's L3VPN WG. He also serves on the ICANN Security and Stability Advisory Council (SSAC) and the FCC's Network Reliability and Interoperability Council (NRIC).
Danny is very active in the network and security operations and research communities, and has authored several books, Internet protocol standards, network and security research papers, and other publications related to critical infrastructure, routing protocols, network security, Internet addressing, and network operations.
It has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we've ever observed and mitigated -- an attack over 300 Gbps against one of our Media and Entertainment customers. more»
Since Verisign published its second SSR report a few weeks back, recently updated with revision 1.1, we've been taking a deeper look at queries to the root servers that elicit "Name Error," or NXDomain responses and figured we'd share some preliminary results. Not surprisingly, promptly after publication of the Interisle Consulting Group's Name Collision in the DNS [PDF] report, a small number of the many who are impacted are aiming to discredit the report. more»
Throughout this series of blog posts we've discussed a number of issues related to security, stability, and resilience of the DNS ecosystem, particularly as we approach the rollout of new gTLDs. Additionally, we highlighted a number of issues that we believe are outstanding and need to be resolved before the safe introduction of new gTLDs can occur - and we tried to provide some context as to why, all the while continuously highlighting that nearly all of these unresolved recommendations came from parties in addition to Verisign over the last several years. more»
In 2010, ICANN's Security and Stability Advisory Committee (SSAC) published SAC045 [PDF], a report calling attention to particular problems that may arise should a new gTLD applicant use a string that has been seen with measureable (and meaningful) frequency in queries for resolution by the root system. The queries to which they referred involved invalid Top-Level Domain (TLD) queries (i.e., non-delegated strings) at the root level of DNS, queries which elicit responses commonly referred to as Name Error, or NXDomain, responses from root name servers. more»
Because domain names represent the online identity of individuals, businesses and other organizations, companies and organizations large and small have expressed increasing concern over reports of "domain name hijacking," in which perpetrators fraudulently transfer domain names by password theft or social engineering. The impact of these attacks can be significant, as hijackers are typically able to gain complete control of a victim's domain name - often for a significant period of time. more»
Do you recall when you were a kid and you experienced for the first time an unnatural event where some other kid "stole" your name and their parents were now calling their child by your name, causing much confusion for all on the playground? And how this all made things even more complicated - or at least unnecessarily complex when you and that kid shared a classroom and teacher, or street, or coach and team, and just perhaps that kid even had the same surname as you, amplifying the issue! What you were experiencing was a naming collision (in meatspace). more»
For nearly all communications on today's Internet, domain names play a crucial role in providing stable navigation anchors for accessing information in a predictable and safe manner, irrespective of where you're located or the type of device or network connection you're using. Over the past 15 years hundreds of millions of domain names have been added to the Internet's Domain Name System (DNS), and well over two billion (that's Billion!) new users, some ~34 percent of the global population, have become connected. more»
Verisign recently published a technical report on new generic top-level domain (gTLD) security and stability considerations. The initial objective of the report was to assess for Verisign's senior management our own operational preparedness for new gTLDs, as both a Registry Service Provider for approximately 200 strings, as well as a direct applicant for 14 new gTLDs... However, in cataloging internal and external risks related to the new gTLD program, we found several far-reaching and long-standing issues that need to be further explored and/or resolved with varying levels of urgency. more»
The capabilities IPv6 provides will enhance online security, but the shift to the new Internet address scheme may also present risks if not properly managed. Previously, Internet security was largely an after-thought for the early Internet, as its primary purpose was to facilitate open, end-to-end, any-to-any communications and information exchange for bridging and accelerating research efforts. Today, we have a much more complex online ecosystem that spans billions of users across the globe and serves not only as an engine for e-commerce, but as an engine for all commerce. more»
Feb. 3, 2011, came and went without much fanfare, but it was a milestone for Internet stakeholders, whether they knew it or not. On that Thursday, the last available IPv4 addresses were allocated by the Internet Assigned Numbers Authority (IANA). Though some Regional Internet Registries (RIRs) have a reasonable inventory of IP addresses that could last another year or two, the days of "new" IPv4 address allocations are largely over. more»
The folks at Renesys pointed out earlier this week some interesting activity surrounding the L-root name server, highlighting some activity that should give us all yet another reason to be concerned about the security and integrity of the Internet DNS... considering that a great deal of malware today tends to corrupt the DNS resolution path in order to further exploit compromised end-systems, and that corruption, or any other actual end-system compromise, might well be unnecessary if the root were compromised -- well, think of the possibilities! more»