Threat Intelligence

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Most Commented

Report from UN Spam Meeting in Geneva

The International Telecommunication Union (ITU), held an ITU WSIS Thematic Meeting on Countering Spam from 7 to 9 July 2004, in Geneva, Switzerland. The meeting was focused around various topics including: Scope of the problem, Technical solutions, Consumer protection and awareness, Legislation and enforcement, and International cooperation. The following is a report by William J. Drake, Senior Associate International Centre for Trade and Sustainable Development in Geneva. more

ISC Changes Name to Internet Systems Consortium

Internet Systems Consortium (ISC), formerly Internet Software Consortium, has changed its name to better reflect the new direction of the organization. The renamed company has expanded the mission of the original ISC to include more focus on Global DNS operations. In addition to developing and maintaining production quality Open Source software, such as BIND and DHCP, ISC will now enhance the stability of the global DNS through reliable F-root nameserver operations and ongoing operation of a DNS crisis coordination center, ISC's OARC for DNS; and further protocol development efforts, particularly in the areas of DNS evolution and facilitating the transition to IPv6. more

VeriSign's New Security Seal Too Trusting?

On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers! more

SECSAC Special Meeting on Site Finder: A Technical Analysis

After attending the afternoon ICANN Security & Stability Committee meeting, I realized that the issues involved fall into several related but independent dimensions. Shy person that I am *Cough*, I have opinions in all, but I think it's worthwhile simply to be able to explain the Big Picture to media and other folks that aren't immersed in our field. In these notes, I'm trying to maintain neutrality about the issues. I do have strong opinions about most, but I'll post those separately, often dealing with one issue at a time. more

Brad Templeton in Response to Site Finder Controversy

A harmful, highly unilateral and capricious action. Tons of software out there depended on the ability to tell the difference between a domain name which exists and does not. They use that to give a meaningful, locally defined error to the user, or to identify if an E-mail address will work or not before sending the mail. Many used it as a way to tag spam (which came from domains that did not exist). It is the local software that best knows how to deal with the error. more

With No Privacy Standards Who Knows Who Is Abusing The Whois Database

John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more

Preventing Future Attacks: Alternatives In DNS Security Management - Part II

In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised. more

Preventing Future Attacks: Alternatives In DNS Security Management - Part I

The October 21 DDoS attacks against the 13 root-name servers containing the master domain list for the Internet's Domain Name System (DNS), (which reportedly took offline 9 of the 13 servers) remain a clear and daunting reminder of the vulnerabilities associated with online security. Many DNS authorities have named the most recent hit the largest DDoS attack against the root server system. Chris Morrow, network security engineer for UUNET, the service provider for two of the world's 13 root servers, recently told The Washington Post... more

Have You Monitored Your DNS Performance Lately?

Domain Name System (DNS) surveys such as that recently conducted by Men & Mice continually demonstrate that the DNS is riddled with errors. Since the DNS continues to work, this raises three questions:

1. Does it matter that the DNS is riddled with errors?
2. Why is it riddled with errors?
3. How can it be fixed? more

Industry Updates

A Deep Dive into Known Magecart IoCs: What Are the Connected Internet Properties?

COVID-19-Related Bulk Domain Registrations: A Possible Case of DNS Abuse?

Protecting Intellectual Property Protects Consumers

"Voltswagen": April Fool's Prank, Brand Turmoil, and Bulk Domain Registrations

What Are the Common Forms of Bulk Domain & Typosquatting Registrations?

We Detected and Analyzed Thousands of CCTV-, Firewall-, and SCADA-themed Domains & Subdomains

How Reverse IP Lookup API Can Help Detect Connected Domains

Come April, Nothing Is Certain Except Phishing and Taxes

Expanding the List of Artifacts for the Recent JPMorgan Chase Squatting Campaign

An In-Depth Look at the Risks Kozow.com Subdomains May Pose to Internet Users

How Do You Choose the Best Threat Intelligence Platform for Your Company?

Keeping Track of Ramnit through Artifact Expansion

A List of Potential Attack Artifacts for the Top 3 Phished Brands in 2020

A Look at Recent Attacks on K-12 Distance Learning Providers Using Domain Intelligence

SolarWinds Cyber Intel Analysis Part 2: A Look at Additional CISA-Published IoCs