Security

Noteworthy

 IPv6 represents new territory for most Internet stakeholders, and its rollout will introduce some unique security challenges.

Blogs

Bashbleed - A Nasty Reminder Never to Forget Security 101

After the botched burglary at the Watergate Apartments, every scam and scandal that hit the headlines became a 'gate' -- Irangate, Contragate, you name it. The Heartbleed bug is possibly the closest thing to Watergate that this generation of computer security had seen till the past few days -- an exploit in a component that is "just there" -- something you utterly rely on to be there and perform its duties, and give very little thought to how secure (or rather, insecure) it might be. So, fittingly, every such catastrophic bug in an ubiquitous component is now a 'bleed'. more»

Credit Card Breaches a Salutary Lesson for DNSSEC Adoption

Maintaining an 150 year old house requires two things, a lot of time and a lot of trips to the hardware store. Since the closest hardware store to my house is Home Depot, it is rare that a weekend passes without at least one trip to Home Depot. So now in the wake of the Home Depot data breach I am through no fault of my own in a situation where any or all of the bank cards I use regularly could be cancelled if the issuer decides they might be compromised. And this is not the first time this has happened to me this year. more»

Watch ION Belfast / UKNOF Live Tuesday, Sept 9, for IPv6, DNSSEC, BGP Security and More

On Tuesday, September 9, 2014, you have a great opportunity to watch live a very packed agenda full of great sessions about IPv6, DNSSEC, routing/BGP security and other components of Internet infrastructure streaming out of the UKNOF / ION Belfast event in Belfast, UK. All of the sessions can be seen live. more»

DNSSEC Adoption - A Status Report (Part One)

Where is the domain industry with the adoption of DNSSEC? After a burst of well publicized activity from 2009-2011 -- .org, .com, .net, and .gov adopting DNSSEC, roots signed, other Top-Level Domains (TLDs) signed -- the pace of adoption appears to have slowed in recent years. As many CircleID readers know, DNSSEC requires multiple steps in the chain of trust to be in place to improve online security. more»

Fear of Disaster: 5 Tips to Help Enterprises Cope

IT disasters can strike anywhere, anytime. In 1983, a faulty Soviet warning system nearly precipitated World War III -- the system claimed five missiles were en route from the U.S. Only quick thinking by Lt. Col. Stanislav Petrov saved the day when he realized the United States would never launch so few warheads. And in 2004, a private contractor working with the British Child Support Agency (CSA) suffered a glitch that overpaid 1.9 million people and underpaid 700,000. more»

The Next New Media: Typewriters and Handwritten Letters

Who would have thought that typewriters and handwritten letters would ever be back in fashion? But back in 2013 it was reported that Russia was buying large quantities of typewriters. When this was further investigated the country denied that this was for security reasons. Since the Snowden revelations there has been a further rush on typewriters, both by government officials and by a range of, mainly corporate, businesses. more»

Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

It has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we've ever observed and mitigated -- an attack over 300 Gbps against one of our Media and Entertainment customers. more»

Call for Nominations: M3AAWG J. D. Falk Award Seeks Stewards of a Better Online World

Anyone seeking to honor a groundbreaking contribution toward a better online world should submit a nomination for the 2014 M3AAWG J. D. Falk Award. Presented to people whose work on specific projects made the Internet a safer, more collaborative, more inclusive place, the J. D. Falk Award has recognized leaders and pioneers who saw elements of the online experience that needed improvement and took action to fix them.  more»

Six Approaches to Creating an Enterprise Cyber Intelligence Program

As few as seven years ago, cyber-threat intelligence was the purview of a small handful of practitioners, limited mostly to only the best-resourced organizations - primarily financial institutions that faced large financial losses due to cyber crime - and defense and intelligence agencies involved in computer network operations. Fast forward to today, and just about every business, large and small, is dependent on the Internet in some way for day-to-day operations, making cyber intelligence a critical component of a successful business plan. more»

Anti-Spoofing, BCP 38, and the Tragedy of the Commons

In the seminal 1968 paper "The Tragedy of the Commons" , Garrett Hardin introduced the world to an idea which eventually grew into a household phrase. In this blog article I will explore whether Hardin's tragedy applies to anti-spoofing and Distributed Denial of Service (DDoS) attacks in the Internet, or not... Hardin was a biologist and ecologist by trade, so he explains "The Tragedy of the Commons" using a field, cattle and herdsmen. more»

Some Internet Measurements

At APNIC Labs we've been working on developing a new approach to navigating through some of our data sets the describe aspects of IPv6 deployment, the use of DNSSEC and some measurements relating to the current state of BGP. The intent of this particular set of data collections is to allow the data to be placed into a relative context, displaying comparison of the individual measurements at a level of geographic regions, individual countries, and individual networks. more»

What Should PGP Look Like?

Those who care about security and usability - that is, those who care about security in the real world - have long known that PGP isn't usable by most people. It's not just a lack of user-friendliness, it's downright user hostile. Nor is modern professional crypto any better. What should be done? How should crypto in general, and PGP in particular, appear to the user? I don't claim to know, but let me pose a few questions. more»

Watch LIVE: Edward Snowden at HOPE-X Today at 2:00pm EDT (18:00 UTC)

Whether you view Edward Snowden as a criminal or a hero, or somewhere in between, you cannot dispute that his revelations about pervasive surveillance have changed the discussions about the Internet on both technology and policy levels. If you are interested in hearing what Edward Snowden has to say himself, he is scheduled to speak today, Saturday, July 19, 2014, at 2:00pm US EDT at the HOPE-X conference in New York City. more»

A Great Bit of DNSSEC and DNS at IETF 90 Next Week

For those people tracking the evolution and deployment of DNSSEC or who are just interested in "DNS security" in general there is a great amount of activity happening next week at IETF 90 in Toronto. I dove into this activity in great detail in a recent post, "Rough Guide to IETF 90: DNSSEC, DANE and DNS Security", and summarized the activity in a Deploy360 post... more»

Senate Judiciary Committee Hearing on Botnet Takedowns (July 15, 2014)

The background is of course quite interesting, given how soon it has followed Microsoft's seizure of several domains belonging to Dynamic DNS provider no-ip.com for alleged complicity in hosting trojan RAT gangs, a couple of days after which the domains were subsequently returned -- without public comment -- to Vitalwerks, the operator of No-IP. This is by no means a new tactic for Microsoft, who has carried out successful seizures of various domains over the past two or three years. more»

News Briefs

TCP Stealth Aims to Keep Servers Safe from Mass Port-Scanning Tools

Google Announces Project Zero to Secure the Internet

DDoS Attacks Shutdown Several World Cup Websites

Popular RSS Reader Feedly Suffers Back to Back DDoS Attacks, Held for Ransom

Paul Vixie on How the Openness of the Internet Is Poisoning Us

Sophia Bekele: The AUCC Debate on Cybersecurity Needs to Involve All Stakeholders

European Standardization Organizations Discuss Role of Standards for EU Cybersecurity Strategy

US House Hearing Scheduled on Internet Stability, IANA Transition

Secure Domain Foundation Launched to Help Internet Infrastructure Operators Fight Cybercrime

Widespread Compromised Routers Discovered With Altered DNS Configurations

A Research Finds Banking Apps Leaking Info Through Phones

Significant Uptick Reported in Targeted Internet Traffic Misdirection

Upcoming Latin America and Caribbean DNS Forum

IETF Reaches Broad Consensus to Upgrade Internet Security Protocols Amid Pervasive Surveillance

IETF Looking at Technical Changes to Raise the Bar for Monitoring

John Crain Named ICANN's New Chief Security, Stability and Resiliency Officer

Israeli Tunnel Hit by Cyberattack Causing Massive Congestion

US Government Releases Cybersecurity Framework Proposal

Rodney Joffe on Security Vulnerabilities of Modern Automobiles

Paul Mockapetris to Serve as Senior Security Advisor to ICANN's Generic Domains Division

Most Viewed

Most Commented

Taking Back the DNS

Fake Bank Site, Fake Registrar

When Registrars Look the Other Way, Drug-Dealers Get Paid

Who Is Blocking WHOIS? Part 2

Not a Guessing Game

Verisign Updates – Sponsor

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

Andrew G. West, a Research Scientist in Verisign Labs, along with collaborator and U.S. Naval Academy professor Adam J. Aviv examined nearly 900 million user-submitted URLs to gauge the prevalence and severity of privacy leaks. ›››

Verisign Named to the OTA's 2014 Online Trust Honor Roll

The Online Trust Alliance (OTA), a nonprofit organization that works collaboratively with industry leaders to enhance online trust, completed comprehensive evaluations of more than 800 sites and mobile applications by analyzing companies' data protection, security and privacy practices, including over two-dozen criteria. ›››

Tips to Address New FFIEC DDoS Requirements

Recently, the FFIEC released statements that describe steps it expects financial institutions to take to address cyberattacks and highlight resources institutions can use to help mitigate the risks posed by such attacks. ›››

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what's used today, to help ensure faster and more efficient detection and mitigation. ›››

Motivated to Solve Problems at Verisign

As the world keeps changing, so do the requirements for products and services and the ways to achieve them most effectively. Our researchers and engineers continue to innovate and adapt to those changes, while also anticipating the next ones. ›››

Diversity, Openness and vBSDcon 2013

Diversity is a central design principle of the Domain Name System; diversity is one reason the DNS industry in general, and Verisign in particular, doesn't do everything the same way and in the same place. ›››

What's in a Name Server?

With the domain name space continuing to expand and new service providers entering the market, there has been a lot of discussion about the different types of DNS services available today. ›››

Industry Updates

Participants – Random Selection