Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Threat Intelligence |
Sponsored by |
|
Planning for a short trip to Hong Kong tomorrow reminded me of Jonathan Shea, something I wanted to blog about but was waiting for the hype around the new generic Top-Level Domains (TLDs) to cool down. Jonathan Shea is an old friend who is in-charge of ".hk". I had the pleasure to catch up with him in Paris ICANN meeting. Before Jonathan, let me talk about something related that happened in Paris. At the Cross Constituency Meeting, there was a presentation by the Anti-Phishing Working Group (APWG). In summary, they were proposing working with registries to take down domain names that are suspected to be involved in phishing. more
Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more
The design of DNS included an important architectural decision: the transport protocol used is user datagram protocol (UDP). Unlike transmission control protocol (TCP), UDP is connectionless, stateless, and lightweight. In contrast, TCP needs to establish connections between end systems and guarantees packet ordering and delivery. DNS handles the packet delivery reliability aspect internally and avoids all of the overhead of TCP. There are two problems this introduces. more
In Internet Draft draft-lee-dnsop-scalingroot-00.txt, I described with my coauthors a method of distributing the task of providing DNS Root Name Service both globally and universally. In this article I will explain the sense of the proposal in a voice meant to be understood by a policy-making audience who may in many cases be less technically adept than the IETF DNSOP Working Group for whom the scalingroot-00 draft was crafted. I will also apologize for a controversial observation concerning the addition of new root name servers... more
Google today announced that its "Public DNS" service is now performing DNSSEC validation. Yunhong Gu, Team Lead for Google Public DNS, in post today wrote: "We launched Google Public DNS three years ago to help make the Internet faster and more secure.Today, we are taking a major step towards this security goal: we now fully support DNSSEC (Domain Name System Security Extensions) validation on our Google Public DNS resolvers." more
During the 11th Internet Governance Forum (IGF), a United Nations-convened conference taking place in Mexico, 6-9 December, the Internet Society urged the global Internet community to redouble its efforts in addressing the wave of unprecedented challenges facing the Internet. more
"Massive Email Bombs Target .Gov Addresses," Brian Krebs writes in Krebs on Security: "Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists." more
Data solutions provider Return Path has released a new report highlighting 20 visionary ideas for brands to "futureproof" their email program. Among various insights, the report warns brands that adoption of IPv6 will result in rising dependency on domain-based reputation. more
Last week, The New York Times website domain was hacked by "the Syrian Electronic Army". Other famous websites faced the same attack in 2012 by the Hacker group "UGNazi" and, in 2011 by Turkish hackers. Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks. more
A Verizon partner is reported to have exposed millions of Verizon customer accounts due to a misconfigured cloud-based file. more
It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private? Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. more
Chinese hackers have breached U.S. Navy contractors to steal a wide range of data from ship-maintenance data to missile plans through what is reported as the most debilitating cyber campaigns linked to Beijing. more
There is a current ongoing Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated. This incident is currently being handled by several operational groups. This past February, I sent an email to the Reg-Ops (Registrar Operations) mailing list. The email, which is quoted below, states how DNS abuse (not the DNS infrastructure) is the biggest unmitigated current vulnerability in day-to-day Internet security operations, not to mention abuse. more
As I was entering in data for the weekly DNSSEC Deployment Maps, I was struck by the fact that we are now at the point where 617 of the 795 top-level domains (TLDs) are now signed with DNSSEC. You can see this easily at Rick Lamb's DNSSEC statistics site...Now, granted, most of that amazing growth in the chart is because all of the "new generic TLDs" (newgTLDs) are required to be signed with DNSSEC, but we are still seeing solid growth around the world. more
The National Cybersecurity Center of Excellence (NCCoE) has invited comments on a draft practice guide to help organizations improve email security and defend against phishing, man-in-the-middle, and other types of email-based attacks. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
