Cybersecurity / Recently Commented

A Report on the ICANN DNS Symposium

By any metric, the queries and responses that take place in the DNS are highly informative of the Internet and its use. But perhaps the level of interdependencies in this space is richer than we might think. When the IETF considered a proposal to explicitly withhold certain top-level domains from delegation in the DNS the ensuing discussion highlighted the distinction between the domain name system as a structured space of names and the domain name system as a resolution space... more

A Short History of DNS Over HTTP (So Far)

The IETF is in the midst of a vigorous debate about DNS over HTTP or DNS over HTTPS, abbreviated as DoH. How did we get there, and where do we go from here? (This is somewhat simplified, but I think the essential chronology is right.) Javascript code running in a web browser can't do DNS lookups, other than with browser.dns.resolv() to fetch an A record, or implicitly by fetching a URL which looks up a DNS A or AAAA record for the domain in the URL. more

DNS Privacy at IETF 104

From time to time the IETF seriously grapples with its role with respect to technology relating to users' privacy. Should the IETF publish standard specifications of technologies that facilitate third-party eavesdropping on communications or should it refrain from working on such technologies? Should the IETF take further steps and publish standard specifications of technologies that directly impede various forms of third party eavesdropping on communications? more

Unexpected Behaviour Observed With DNS Root Servers After Cryptographic Change

The DNS root servers were reported by Verisign to be under unexpected attack from name servers across the Internet following ICANN's recent changes to their cryptographic master keys. more

Putting Cyber Threats Into Perspective

As society uses more digital technologies we are increasingly also faced with its problems. Most of us will have some horror stories to tell about using computers, smartphones, and the internet. But this hasn't stopped us from using the technology more and more. I believe that most people would say that their lives would be worse without technology -- in developed countries but equally in the developing world. more


With the latest "DNSpionage" attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role. Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found more

Researchers Demonstrate Serious Privacy Attacks on 4G and 5G Protocols

A group of academic researchers have revealed a design weakness in the 4G/5G protocol which can be exploited by an attacker to identify the victim's presence in a particular cell area just from the victim's soft-identity such as phone number and Twitter handle. more

Microsoft is Abandoning SHA-1 Hashes for Updates - But Why?

Microsoft is shipping a patch to eliminate SHA-1 hashes from its update process. There's nothing wrong with eliminating SHA-1 - but their reasoning may be very interesting. SHA-1 is a "cryptographic hash function". That is, it takes an input file of any size and outputs 20 bytes. An essential property of cryptographic hash functions is that in practice (though obviously not in theory), no two files should have the same hash value unless the files are identical. more

What Is the Most Secure VPN Protocol?

VPN products vary greatly in convenience, efficiency, and security. If security is a serious concern, an organization needs to pay close attention to the protocols a service supports. Some widely used protocols have significant weaknesses, while others offer state-of-the-art security. The best of the lot today include OpenVPN and IKEv2. What's called a VPN protocol is actually a collection of protocols. There are several functions which every VPN has to manage. more

Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Recent events have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are an important element of internet infrastructure; their functionality and security rely upon many factors such as their delegated name servers. more

Creating TLS: The Pioneering Role of Ruth Nelson

As often occurs in networking and cryptographic history, anecdotes and insularity conspire to mask how developments actually occurred, and seminal roles undertaken by women are forgotten or ignored. One of the notable examples of this proclivity occurred in the cybersecurity cryptology arena as it involves a critical platform known as the Transport Layer Security Protocol (TLS) and the pioneering role of Ruth Nelson. more

Internet Economics

One year ago, in late 2017, much of the policy debate in the telecommunications sector was raised to a fever pitch over the vexed on-again off-again question of Net Neutrality in the United States. It seemed as it the process of determination of national communications policy had become a spectator sport, replete with commentators who lauded our champions and demonized their opponents. more

Why Is It So Hard to Run a Bitcoin Exchange?

One of the chronic features of the Bitcoin landscape is that Bitcoin exchanges screw up and fail, starting with Mt. Gox. There's nothing conceptually very hard about running an exchange, so what's the problem? The first problem is that Bitcoin and other blockchains are by design completely unforgiving. If there is a bug in your software which lets people steal coins, too bad, nothing to be done. more

Strange Email Used to Inform Marriott Customers About the Massive Data Breach

Millions of email warnings were sent out by Marriot on Friday to warn customers about the massive data breach which has affected close to half a billion guest data. more

Hackers Behind Marriott Breach Left Clues Suggesting Link to Chinese Government

Hackers behind the massive data breach of the hotel group Marriott International Inc have left clues suggesting ties to the Chinese government intelligence-gathering operation. more