IP-based networks, including the Internet, route information between computers based on their IP address (such as 208.77.188.166). Directly using these numbers would cause many problems, so Domain Name System (DNS) is a critical service of such networks. DNS accepts a domain name (such as www.example.com) and responds with information about that name, such as its matching IP address. DNS can also perform reverse look-ups (given an IP address, return the corresponding name). Unfortunately, DNS was not designed to be secure. DNSSEC was designed to protect Internet resolvers (clients) from forged DNS data. It is widely believed that deploying DNSSEC is critically important for securing the Internet as a whole, but deployment has been hampered by some difficulties. Some of these problems are in the process of being resolved, and deployments in various domains have begun to take place. Read the full background at DNSSEC Wikipedia
I'm interested in CircleID community's take on NeuStar's recent announcement of Cache Defender. While only effective for domains the company is authoritative for, that does cover a large number of big Internet brands and financial institutions. Why wouldn't an ISP deploy this now, while waiting for all the myriad issues involved in DNSSEC to be resolved? more»
As I've been getting ready to catch my plane for ICANN 35 (Sydney), I can't help but thinking that there are a lot of things going down these days that will dramatically affect makeup of the Internet for years to come. Next year at this time, the root could be a very, very different place. A few of the items that will be getting deconstructed, discussed, debated Down Under are outlined below... more»
Before we get into what DNSSEC is and the benefits of it, let's talk about some of the other potential pitfalls of DNS. One of the most significant issues we have to deal with are denial-of-service (DoS) attacks. While DoS attacks are not specific to DNS we have seen DNS be a frequent target of these attacks. more»
News broke this week about an attack in Puerto Rico that caused the local websites of Google, Microsoft, Yahoo, Coca-Cola, PayPal, Nike, Dell and Nokia to be redirected for a few hours to a phony website. The website was all black except for a taunting message from the computer hacker responsible for the attack... more»
Four senators (Rockefeller, Bayh, Nelson, and Snowe) have recently introduced S.773, the Cybersecurity Act of 2009. While there are some good parts to the bill, many of the substantive provisions are poorly thought out at best. The bill attempts to solve non-problems, and to assume that research results can be commanded into being by virtue of an act of Congress. Beyond that, there are parts of the bill whose purpose is mysterious, or whose content bears no relation to its title. more»
So this Internet thing, as we discussed in our last article, is broken. I promised to detail some of the specific things that are broken. Implicit trust is the Achilles heel of the Internet... All of the communication between the resolver and the DNS server is in plain text that can be easily seen and changed while in transit, further, the resolver completely trusts the answer that was returned... more»
The DNSSEC Industry Coalition conducted its first face to face meeting on Friday, March 13, 2009 at Google's Washington, DC office. Google's fun filled meeting room was packed with organizations that share a keen interest in DNS Security through the implementation of DNSSEC. more»
It's been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I'd take a moment and highlight some of the most notable milestones... more»
I've been privately talking about the theoretical dangers of HTTPS hacking with the developers of a major web browser since 2006 and earlier last month, I published my warnings about HTTPS web hacking along with a proposed solution. A week later, Google partially implemented some of my recommendations in an early Alpha version of their Chrome 2.0 browser... This week at the Black Hat security conference in Washington DC, Moxie Marlinspike released a tool called SSL Strip... more»
Today is a historic day as the first generic Top-Level Domain (gTLD) has been signed. Only a few other top level domains, all of which are country code Top-Level Domains (ccTLDs), have been signed to date. This step is part of the first phase of adoption. Authoritative DNS servers need to sign and publish their zones. The second part is for the resolvers on the Internet to validate the keys. Both systems working together will provide security in the DNS. more»
This vulnerability, brought to public attention last year by security researcher Dan Kaminsky, allows criminal elements to engage in "DNS cache poisoning" for the malicious hijacking of domain names and results in consequent damage from large-scale identity theft, among other illegal activities. ›››
Today, .ORG, The Public Interest Registry, the company behind the .ORG domain name, is the first open generic Top-Level Domain to successfully sign the .ORG zone file with Domain Name Security Extensions (DNSSEC). To date, the .ORG zone is the largest domain registry to implement the security measure. ›››
The DNSSEC Industry Coalition Symposium is announced today in collaboration with Google, Nominum, Inc. and ICANN and will be held June 11-12, 2009, in Washington, DC. The purpose will be to discuss and identify potential and perceived issues with the Domain Name System (DNS) and DNSSEC deployment due to signing the DNS root zone. ›››
DNSstuff.com has announced in partnership with Trusteer that it is offering Rapport, a tool that protects your transactions from being tampered with and private information from being stolen, through its website, dnsstuff.com.
Rapport is an easy-to-use browser plug-in that provides users with a secure connection to any online site they log into, protecting their most valuable online assets — login credentials. ›››
MarkMonitor has announced AntiFraud Solutions, offering patented technology to enable brand owners to prevent, detect and respond to phishing and malware attacks. MarkMonitor AntiFraud Solutions leverage the extensive MarkMonitor network of relationships and technology designed to thwart phishing attacks in order to combat the rapidly expanding problem of malware targeting brands.
›››
The DNSSEC Industry Coalition comprised of 20 organizations streamlining the rollout of DNSSEC worldwide, gathered on Friday, March 13, 2009, to share best practices in deployment and meet the urgent challenge to secure the Internet's domain name system (DNS). ›››
COCC, a leading provider of next generation technology services for financial institutions, has partnered with MarkMonitor, the global leader in enterprise brand protection, to help mutual clients protect their brands in the face of increasing Internet-based fraud. ›››
The DNSSEC Industry Coalition announces today the formation of its Registrar Review Team following the 34th public meeting of the Internet Corporation of Assigned Names and Numbers (ICANN) in Mexico City, Mexico. The Registrar Review Team is comprised of companies that will provide the coalition with valuable information from a registrar's unique perspective. ›››
Mexico City's ICANN meeting represented an important shift in direction for brand rights holder issues. All the work that the IP Community -- including ICANN's IP Constituency, our customers, concerned companies, organizations and individuals who commented on the draft applicant guidebook as well as MarkMonitor -- paid dividends. ›››
MarkMonitor releases the company's latest Brandjacking Index, which finds that online abuse of many of the world's leading brands rose in 2008; report also reveals that 80% of abusive sites identified in 2007 were still active today, indicating brandholders must take a stronger stance against aggressive fraudsters. ›››