Cybersecurity / Featured Blogs

Let's Not Forget About Solar Flares

As the world becomes more and more reliant on electronics, it's worth a periodic reminder that a large solar flare could knock out much of the electronics on earth. Such an event would be devastating to the Internet, satellite broadband, and the many electronics we use in daily life. A solar flare is the result of periodic ejections of matter from the sun into space. Scientists still aren't entirely sure what causes solar flares, but they know that it's somehow related to shifts in the sun's magnetic field. more

Clarivate Domain Survey Reveals a 10% Increase in Cyberattacks

Clarivate has once again surveyed global business leaders about the importance of domain names to their organizations, including the role of domains as intellectual property (IP) assets. The 2020 survey followed up on our 2019 survey, revealing key year-over-year trends in how organizations manage, secure and budget for domain names. In this blog, we review key trends from the new report. more

Information Protection for the Domain Name System: Encryption and Minimization

In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.) more

Securing the DNS in a Post-Quantum World: Hash-Based Signatures and Synthesized Zone Signing Keys

In my last article, I described efforts underway to standardize new cryptographic algorithms that are designed to be less vulnerable to potential future advances in quantum computing. I also reviewed operational challenges to be considered when adding new algorithms to the DNS Security Extensions (DNSSEC). In this post, I'll look at hash-based signatures, a family of post-quantum algorithms that could be a good match for DNSSEC from the perspective of infrastructure stability. more

Notorious Markets, Scams and Implications for Brands

On January 14, 2021, the Office of the United States Trade Representative (USTR) released its 2020 Review of Notorious Markets for Counterfeiting and Piracy (the Notorious Markets List, or NML). This publication enumerates online and physical markets that have been reported to engage in trademark, counterfeiting, and copyright infringement at scale. For the first time, the NML documents show how internet platforms play a part in bringing illicit goods into the US. more

Reality Check on the 5G Security MAGAverse

As chance has it, the attempt by NTIA to create a fake Trump Open 5G Security Framework MAGAverse as they headed out the door on 15 January is being followed this week by the global meeting of 3GPP SA3 (Security) to advance the industry's real open 5G security Framework. Designated TSGS3-102e (the 102nd meeting, occurring electronically), it continues the practice of assembling companies, organisations, and agencies from around the world every 8 to 12 weeks to focus on 5G security for current and future releases of 5G infrastructure. more

Securing the DNS in a Post-Quantum World: New DNSSEC Algorithms on the Horizon

One of the "key" questions cryptographers have been asking for the past decade or more is what to do about the potential future development of a large-scale quantum computer. If theory holds, a quantum computer could break established public-key algorithms including RSA and elliptic curve cryptography (ECC), building on Peter Shor's groundbreaking result from 1994. more

WHOIS Record Redaction and GDPR: What's the Evolution Post-2018?

We all use the Internet daily. Practically every element of our reality has its equal in the virtual realm. Friends turn into social media contacts, retail establishments to e-commerce shops, and so on. We can't deny that the way the Internet was designed, to what it has become, differs much. One example that we'll tackle in this post is the seeming loss of connection between domains and their distinguishable owners. more

Verisign Outreach Program Remediates Billions of Name Collision Queries

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. more

Newer Cryptographic Advances for the Domain Name System: NSEC5 and Tokenized Queries

In my last post, I looked at what happens when a DNS query renders a "negative" response -- i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries. The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. more