DNS Security

Noteworthy

 The movement is on, DNSSEC, ready set go! Just make sure you are ready when you go!

 Some folks have already asked me if DNSSEC could have prevented Twitter.com traffic from being hijacked. In this case, the answer is, "No".

 Over the next few years we should expect to see applications leveraging DNSSEC in ways we cannot imagine now.

 DNSSEC technology standards have been stable and mature since 2007, with only updates, clarifications, and new functionality added since then.

DNS Security / Recently Commented

CircleID's Top Ten Posts of 2012

Here are the top ten most popular news, blogs, and industry updates featured on CircleID during 2012 based on the overall readership of the posts for the past 12 months. Congratulations to all the participants whose posts reached top readership and best wishes to the entire community for 2013. more»

The Christmas Goat and IPv6 (Year 3)

As Christmas were getting closer, the third time of load balancing the streaming pictures of the famous Christmas goat in the city of Gävle, Sweden, was on the agenda. My goal with this activity is the same as before, to track the use of IPv6 and DNSSEC validation. The results from the last two years are published on CircleID. more»

ION Conference At USENIX LISA This Week Features IPv6 and DNSSEC Sessions - Will Be Livestreamed

If any of you are attending the USENIX Large Installation System Administration (LISA) conference in San Diego this week, the Internet Society's "Internet ON" (ION) Conference is co-located with LISA12 and will take place tomorrow, December 11, 2012, from 1:30 - 5:00 pm US Pacific time. more»

2012 Global Phishing Trends: Uptime Down, Numbers Up

Despite security advances over the past year, including the increased deployment of DNSSEC, pirates continue to wreak havoc on the Internet. But before you decide that Internet security innovations are futile, consider this: online criminals are just like burglars in the physical world; they don't take new ways of blocking their best efforts lying down. They come up with new and, in some cases, stronger plans of attack. more»

When Businesses Go Dark: A DDoS Survey

In February 2012, Neustar surveyed IT professionals across North America to better understand their DDoS experiences. Most were network services managers, senior systems engineers, systems administrators and directors of IT operations. In all, 1,000 people from 26 different industries shared responses about attacks, defenses, ongoing concerns, risks and financial losses. more»

The Recent DDoS Attacks on Banks: 7 Key Lessons

Starting in mid-September, one of the largest and most sophisticated DDoS attacks ever targeted the titans of American banking. Initially, victims included Bank of America, JPMorgan Chase, Wells Fargo, PNC Bank, and U.S. Bancorp. In the weeks to come, others would also feel the pain. Websites crashed, customers were unable to make transactions and IT professionals and PR gurus went into panic mode. Leon Panetta, U.S. Secretary of Defense, said the attacks foreshadowed a "Cyber Pearl Harbor." more»

Internet Society ION Conferences: Call for Speakers - IPv6 and DNSSEC Experts

The Internet Society Deploy360 Programme issues a call for speakers for a series of upcoming global ION Conferences. ISOC welcomes submissions from IPv6 and DNSSEC experts to speak at any of the following ION conferences. more»

Going for Broke: Financial Services Industry Falling Behind on DNSSEC Adoption

Many CircleID readers have been watching the acceleration of DNSSEC adoption by top level domains with great interest, and after many years the promise of a secure and trustworthy naming infrastructure across the generic and country-code domains finally seems within reach. While TLD DNSSEC deployments are major milestones for internet security, securing the top level domains is not the end goal - just a necessary step in the process. more»

The Mailbox That Saved DNSSEC

A very long time ago, back in the ancient time of year 2006, the registry for .se domains, also called .SE, opened up for signing .se zones with DNSSEC. In those days .SE did not have a registrar/registry model and my own company Interlan was then an agent for .SE. One day I suddenly got a mail from .SE regarding secure DNS -- DNSSEC. ...I almost immediately saw the benefits that such a solution could give to a better and more secure Internet. more»

Google Notifying Half a Million Users Affected By DNSChanger

Google has announced that it has started undertaking an effort to notify roughly half a million people whose computers or home routers are infected with a well-publicized form of malware known as DNSChanger. "After successfully alerting a million users last summer to a different type of malware, we've replicated this method and have started showing warnings via a special message that will appear at the top of the Google search results page for users with affected devices." more»

DNSChanger Disruption Inevitable, ISPs Urged to Bolster User Support

Up to 100,000 customer modems are at risk of losing their internet connection from July 9 when the FBI disables rogue DNS servers seized late last year. The affected customer modems make up about a third of the 350,000 to 400,000 internet users believed to still have the DNSChanger malware on either their modems or Windows computers. more»

Counter-eCrime Operations Summit (APWG) In Prague Next Week

The sixth annual Counter-eCrime Operations Summit (CeCOS VI) will engage questions of operational challenges and the development of common resources for the first responders and forensic professionals who protect consumers and enterprises from the ecrime threat every day. This year's meeting will focus on the shifting nature of cybercrime and the attendant challenges of managing that dynamic threatscape. more»

Why SOPA Defender Joins Internet Society as Regional Director

Internet Society recently announced the appointment of former chief technology officer of Motion Picture Association of America (MPAA). The decision has raised concerns within the Internet community as Paul Brigner had campaigned for SOPA while at MPAA as well as being on record opposing net neutrality while being an official at Verizon. more»

Slowly Cracking the DNSSEC Code at ICANN 43

As regular readers know, ICANN holds lengthy, in-depth discussions devoted to DNSSEC at each of its three annual meetings. The half-day session held at ICANN 43 in Costa Rica last month was particularly interesting. What became clear is that the industry is quickly moving into the end-user adoption phase of global DNSSEC deployment. more»

IPv6 Stat Leapfrogs Expectations and Illustrates Important Role Registrars Play in Uptake

Since 2005, Infoblox has commissioned a survey by The Measurement Factory, a research firm that specializes in performance testing and protocol compliance. The studies examine key aspects of the Internet's Domain Name infrastructure with results that uncover trends in DNS server configuration and deployed features. Some topics that have helped define the survey over the years have been arguably more leading edge (DNSSEC), while others are best described as quotidian (lame servers). more»