IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.


The Internet Needs a Security and Performance Upgrade

Many of you will have seen news stories that explained what was going on: a huge DDoS attack on the infrastructure of Dyn had taken down access to many large websites like Twitter. A great deal of digital ink has since been spilled in the mainstream press on the insecurity of the Internet of Things, as a botnet of webcams was being used. Here are some additional issues that might get missed in the resulting discussion. more»

A Great Collaborative Effort: Increasing the Strength of the Zone Signing Key for the Root Zone

A few weeks ago, on Oct. 1, 2016, Verisign successfully doubled the size of the cryptographic key that generates DNSSEC signatures for the internet's root zone. With this change, root zone DNS responses can be fully validated using 2048-bit RSA keys. This project involved work by numerous people within Verisign, as well as collaborations with ICANN, Internet Assigned Numbers Authority (IANA) and National Telecommunications and Information Administration (NTIA). more»

Steps on How Service Providers Can Combat CPE Fraud and Protect Network Security

Cable modem fraud can be a major source of revenue leakage for service providers. A recent study found that communication service providers lost $3 billion dollars worldwide due to cable modem cloning and fraudulent practices. To combat this problem, device provisioning solutions include mechanisms to prevent loss -- but what do you really need to protect your bottom line? more»

Maintaining Security and Stability in the Internet Ecosystem

DDoS attacks, phishing scams and malware. We battle these dark forces every day - and every day they get more sophisticated. But what worries me isn't just keeping up with them, it is keeping up with the sheer volume of devices and data that these forces can enlist in an attack. That's why we as an industry need to come together and share best practices - at the ICANN community, at the IETF and elsewhere - so collectively we are ready for the future. more»

Exploiting the Firewall Beachhead: A History of Backdoors Into Critical Infrastructure

There is no network security technology more ubiquitous than the firewall. With nearly three decades of deployment history and a growing myriad of corporate and industrial compliance policies mandating its use, no matter how irrelevant you may think a firewall is in preventing today's spectrum of cyber threats, any breached corporation found without the technology can expect to be hung, drawn, and quartered by both shareholders and industry experts alike. more»

Increasing the Strength of the Zone Signing Key for the Root Zone, Part 2

A few months ago I published a blog post about Verisign's plans to increase the strength of the Zone Signing Key (ZSK) for the root zone. I'm pleased to provide this update that we have started the process to pre-publish a 2048-bit ZSK in the root zone for the first time on Sept. 20. Following that, we will publish root zones with the larger key on Oct. 1, 2016. more»

DDOS Attackers - Who and Why?

Bruce Schneier's recent blog post, "Someone is Learning How to Take Down the Internet", reported that the incidence of DDOS attacks is on the rise. And by this he means that these attacks are on the rise both in the number of attacks and the intensity of each attack. A similar observation was made in the Versign DDOS Trends report for the second quarter of 2015, reporting that DDOS attacks are becoming more sophisticated and persistent in the second quarter of 2016. more»

Does Apple's Cloud Key Vault Answer the Key Escrow Question?

In a recent talk at Black Hat, Apple's head of security engineering (Ivan Krstić) described many security mechanisms in iOS. One in particular stood out: Apple's Cloud Key Vault, the way that Apple protects cryptographic keys stored in iCloud. A number of people have criticized Apple for this design, saying that they have effectively conceded the "Going Dark" encryption debate to the FBI. They didn't, and what they did was done for very valid business reasons -- but they're taking a serious risk... more»

Internet Access: A Chokepoint for Development

In the 1980's internet connectivity meant allowing general public to communicate and share knowledge and expertise with each other instantly and where it was not possible otherwise. Take the story of Anatoly Klyosov, connecting Russia to the western world for the first time in 1982, as an example. A bio-chemist who was not allowed to leave the soviet territory for security reasons. The internet enabled him to participate in meetings with his counterparts at Harvard University, University of Stockholm and beyond. more»

China's QUESS and Quantum Communications

In mid-August China launched "QUESS" (Quantum Experiments at Space Scale), a new type of satellite that it hopes will be capable of "quantum communications" which is supposed to be hack-proof, through the use of "quantum entanglement". This allows the operator to ensure that no one else is listening to your communications by reliably distributing keys that are then used for encryption in order to be absolutely sure that there is no one in the middle intercepting that information. more»

Security Against Election Hacking - Part 2: Cyberoffense Is Not the Best Cyberdefense!

State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected). In my previous post I explained how we must audit elections independently of the computers, so we can trust the results even if the computers are hacked. more»

Security Against Election Hacking - Part 1: Software Independence

There's been a lot of discussion of whether the November 2016 U.S. election can be hacked. Should the U.S. Government designate all the states' and counties' election computers as "critical cyber infrastructure" and prioritize the "cyberdefense" of these systems? Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can't be hacked. Election administrators use computers in (at least) three ways... more»

Video: Interview with Jari Arkko at IETF 96 in Berlin

Would you like to understand the major highlights of the 96th meeting of the Internet Engineering Task Force (IETF) last month in Berlin? What were some of the main topics and accomplishments? How many people were there? What else went on? If so, you can watch a short video interview I did below with IETF Chair Jari Arkko. more»

NTP is Still a Security Risk

The Network Time Protocol (NTP) has been in the news a number of times over the past couple of years because of attacks on the protocol, vulnerabilities in the daemon, and the use of NTP in DDoS attacks. In each case, the developers of NTP have responded quickly with fixes or recommendations for remediating these attacks. Additionally, the development team has continued to look ahead and has worked to enhance the security of NTP. Unfortunately, that has not translated to an improved security picture for NTP. more»

Internet: Quo Vadis (Where are you going?)

Articles, blogs, and meetings about the internet of the future are filled with happy, positive words like "global", "uniform", and "open". The future internet is described in ways that seem as if taken from a late 1960's Utopian sci-fi novel: the internet is seen as overcoming petty rivalries between countries, dissolving social rank, equalizing wealth, and bringing universal justice. If that future is to be believed, the only obstacle standing between us and an Arcadian world of peace and harmony is that the internet does not yet reach everyone... more»

News Briefs

Over 3.2 Million Debit Cards May Have Been Compromised, Says National Payment Corporation of India

US Banks Face New Demands by Regulators for Higher Cyber Risk Management Standards

British Banks Not Fully Reporting Cyber Attacks, Fear Punishment, Bad Publicity

US to Retaliate Russian DNC Hack, Will Hit Russia with "Proportional" Response

New Trojan Used in High Level Financial Attacks, Multiple Banks Attacked

G7 Nations Set Cybersecurity Guidelines for Financial Sector

Moscow Calls US Accusations of Russian DNC Hack "Unprecedented Anti-Russian Hysteria"

US Intelligence Officially Accuses Russian Government for the DNC Hack

IoT Botnet Source Code Responsible for Historic Attack Has Been Publicly Released

Cameras, DVRs Used for Massive Cyberattack on French Hosting Company and Others

US Senators in Letter to Yahoo Say Late Hack Disclosure "Unacceptable"

What Trump and Clinton Said About Cybersecurity in the First US Presidential Debate

Cybersecurity Regime for Satellites and other Space Assets Urgently Required, Warn Researchers

Yahoo to Confirm Massive Data Breach, Several Hundred Million Users Exposed

UK's National Cyber Security Centre Reveals Plans to Scale Up DNS Filtering

Schneier: "Someone Is Learning How to Take down the Internet"

U.S. Justice Department Forms Group to Study National Security Threats of IoT

New York’s Department of Financial Services Issues Cybersecurity Proposal

White House Appoints Retired Air Force General as First Cyber Security Chief

China Taking Steps to Show it is Responsive to Foreign Concerns on Cybersecurity

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

Defending Against Layer 7 DDoS Attacks

Layer 7 attacks are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify. Verisign's recent trends show that DDoS attacks are becoming more sophisticated and complex, including an increase in application layer attacks. ›››

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

Verisign today released its Q2 2016 DDoS Trends Report providing a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services, and research conducted by Verisign iDefense Security Intelligence Services. ›››

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign is pleased to announce that it has qualified for the Online Trust Alliance's (OTA) 2016 Honor Roll for showing a commitment to best practices in security, privacy and consumer protection. ›››

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Verisign today released its Q1 2016 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Having a tightly integrated security framework is more critical than ever as cyber-attacks grow and enterprises employ a variety of on-premise and cloud-based computing services to deliver applications. ›››

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Verisign has just released its Q4 2015 DDoS Trends Report, which provides a unique view into online distributed denial of service (DDoS) attack trends from mitigations enacted on behalf of customers of Verisign DDoS Protection Services and research conducted by Verisign iDefense Security Intelligence Services. ›››

The Framework for Resilient Cybersecurity (Webinar)

A shift in security architecture is needed, to an open platform where devices and services from different vendors can share, and act, on threat intelligence information, all in concert and in the proper context. Join Ramakant Pandrangi, Vice President of Technology, and learn how to assist with designing a resilient security ecosystem by maximizing an API-centric approach. ›››

Industry Updates

Participants – Random Selection