Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Cybersecurity |
Sponsored by |
|
It's late in the new gTLD day and the program looks to be inching ever closer to the finish line. Yet last minute hiccups seem to be a recurring theme for this ambitious project to expand the Internet namespace far beyond the 300 odd active TLDs in existence today (counting generics and country codes). A drive for growth which is already underway, with 63 gTLD contracts now signed as of mid September... But will those users find themselves at greater risk because of this namespace expansion? That's what several parties have been asking in recent months. more
The difficulty of applying a hierarchically organized PKI to the decentralized world of Internet routing is being fully exposed in a new Internet-draft. The document represents a rational response to an RPKI that closely ties address resources to a handful of Internet governance institutions, nicely illustrates how governments and national security policy are influencing Internet security, and portends substantial costs for network operators and beyond if adopted widely more
In a recent blog post, Dan Jaffe, Association of National Advertisers' Executive VP of Government Relations, shares some concerns about ICANN's "overly rapid Top Level Domain rollout". more
Previous posts (Part 1 and Part 2) offer background on DNS amplification attacks being observed around the world. These attacks continue to evolve. Early attacks focused on authoritative servers using "ANY" queries for domains that were well known to offer good amplification. Response Rate Limiting (RRL) was developed to respond to these early attacks. RRL, as the name suggests, is deployed on authoritative servers to rate limit responses to target names. more
As we blogged about recently, Neustar is committed to ensuring that the domain name system is secure and stable and has been operating top-level domains (TLDs) for over a decade. Tuesday, Neustar submitted comments to the Internet Corporation for Assigned Names and Numbers (ICANN) in response to ICANN's proposal to delay the launch of hundreds of new generic top-level domains (gTLDs). ICANN's decision to delay the launch is based on a study it commissioned that measured the potential frequency of domain-name collision. more
There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more
This weekend Jari Arkko, Chair of the Internet Engineering Task Force (IETF), and Stephen Farrell, IETF Security Area Director, published a joint statement on the IETF blog titled: "Security and Pervasive Monitoring"... They go on to outline some of the IETF's general principles around security and privacy as well as some of the new developments. They also point out a vigorous (and still ongoing) discussion within the IETF around how to improve the security of the Internet in light of recent disclosures. more
Last week, The New York Times website domain was hacked by "the Syrian Electronic Army". Other famous websites faced the same attack in 2012 by the Hacker group "UGNazi" and, in 2011 by Turkish hackers. Basically, it seems that no Registrar on the Internet is safe from attack, but the launching of new gTLDs can offer new ways to mitigate these attacks. more
Since Verisign published its second SSR report a few weeks back, recently updated with revision 1.1, we've been taking a deeper look at queries to the root servers that elicit "Name Error," or NXDomain responses and figured we'd share some preliminary results. Not surprisingly, promptly after publication of the Interisle Consulting Group's Name Collision in the DNS [PDF] report, a small number of the many who are impacted are aiming to discredit the report. more
Geoff Huston's recent post about the rise of DNS amplification attacks offers excellent perspective on the issue. Major incidents like the Spamhaus attack Geoff mentions at the beginning of his post make headlines, but even small attacks create noticeable floods of traffic. These attacks are easy to launch and effective even with relatively modest resources and we see evidence they're occurring regularly. Although DNS servers are not usually the target of these attacks the increase in traffic and larger response sizes typically stress DNS infrastructure and require attention from operation teams. more
Any new top level domain approved for the Internet will have to be more than just a single label. ICANN's new gTLD program committee (NGPC) has decided to ban the use of "dotless domains". TLD operators that had planned to use their new suffix as a keyword, i.e. just the string and nothing else, will now have to reconsider. more
Something bad happens online. I can tie that something-bad back to an IP address. Do I know who did the bad thing? According to the Federal District Court in Arizona, I don't. An IP address may identify the owner of an Internet access account; it does not identify who was online at that particular time and who may be responsible for the actions in question. In Breaking Glass Pictures v Does, DAZ 2013, Plaintiff brought a claim for copyright infringement, wants early discovery, but the court is refusing. more
Throughout this series of blog posts we've discussed a number of issues related to security, stability, and resilience of the DNS ecosystem, particularly as we approach the rollout of new gTLDs. Additionally, we highlighted a number of issues that we believe are outstanding and need to be resolved before the safe introduction of new gTLDs can occur - and we tried to provide some context as to why, all the while continuously highlighting that nearly all of these unresolved recommendations came from parties in addition to Verisign over the last several years. more
Most people - mistakenly - believe that they are perfectly safe behind a firewall, network address translation (NAT) device or proxy. The fact is quite the opposite: if you can get out of your network, someone else can get in. Attackers often seek to compromise the weakest link in a network and then use that access to attack the network from the inside, commonly known as a "pivot-and-attack." more
My blog 'What PRISM, credit card hacking and Chromecast have to do with FttH' led to some very interesting discussions all around the world. One of issues that was discussed was that the sheer capacity of FttH will also allow hackers, criminals and others to use that massive capacity for the wrong reasons. Its volume will make it increasingly difficult to police. more
A World-Renowned Source for Internet Developments. Serving Since 2002.