DNS Security

DNS Security / Featured Blogs

Why You Must Learn to Love DNSSEC

Jun 20, 2018

It's been nearly two months since the high profile BGP hijack attack against MyEtherwallet, where crypto thieves used BGP leaks to hijack MEW's name servers, which were on Amazon's Route53, and inserted their own fake name servers which directed victims to their own fake wallet site, thereby draining some people's wallets. It generated a lot of discussion at the time... What isn't fully appreciated is that attack has, in fact, changed the game somewhat... more

Call for Participation - ICANN DNSSEC Workshop at ICANN62, Panama City

Apr 20, 2018

Would you like to share information about how you are using DNSSEC with the wider technical community? Do you have an idea for how to make DNSSEC or DANE work better? Or work with new applications? If so - and if you will be attending ICANN 62 in Panama City, Panama from 25-28 June 2018 - then please consider sending in a proposal to participate as a speaker in the ICANN 62 DNSSEC Workshop! more

Takeaways from the DNS-OARC’s 28th Workshop

Mar 14, 2018

March has seen the first of the DNS Operations, Analysis, and Research Center (OARC) workshops for the year, where two days of too much DNS is just not enough! These workshops are concentrated within two days of presentations and discussions that focus exclusively on the current state of the DNS. Here are my impressions of the meeting. more

Have We Reached Peak Use of DNSSEC?

Feb 24, 2018

The story about securing the DNS has a rich and, in Internet terms, protracted history. The original problem statement was simple: how can you tell if the answer you get from your query to the DNS system is 'genuine' or not? The DNS alone can't help here. You ask a question and get an answer. You are trusting that the DNS has not lied to you, but that trust is not always justified. more

CircleID’s Top 10 Posts of 2017

Jan 08, 2018

It is once again time for our annual review of posts that received the most attention on CircleID during the past year. Congratulations to all the 2017 participants for sharing their thoughts and making a difference in the industry. 2017 marked CircleID's 15th year of operation as a medium dedicated to all critical matters related to the Internet infrastructure and services. We are in the midst of historic times, facing rapid technological developments and there is a lot to look forward to in 2018. more

DDOS and the DNS

Nov 27, 2017

The Mirai DDOS attack happened just over a year ago, on the 21st October 2016. The attack was certainly a major landmark regarding the sorry history of "landmark" DDOS attacks on the Internet. It's up there with the Morris Worm of 1988, Slammer of 2002, Sapphine/Slammer of 2009 and of course Conficker in 2008. What made the Mirai attack so special? more

Caribbean Businesses Can Make Good Use of Free DNS Security

Nov 22, 2017

IBM Security, Packet Clearing House (PCH) and Global Cyber Alliance (GCA) unveiled a free Domain Name System (DNS) service designed to protect all Internet users from a wide range of common cyber threats. Launched on November 16 with simultaneous press events in London, Maputo and New York, the public DNS resolver has strong privacy and security features built-in and can be enabled with a few changes to network settings, as outlined on the organisation's website. more

An Overview of the 27th DNS Operations, Analysis, and Research Center Meetings

Oct 04, 2017

The DNS Operations, Analysis, and Research Center (DNS-OARC) meetings are an instance of a meeting that concentrates on the single topic of the DNS, and in this case, it delves as deep as anyone is prepared to go! It's two days where too much DNS is barely enough! The hot topic of the meeting was the news that the proposed roll of the Key-Signing-Key of the root zone of the DNS, originally scheduled for October 11, was to be postponed. more

A Closer Look at Postponing of the Root Zone KSK Rollover Decision

Sep 30, 2017

On Sept. 27, Internet Corporation for Assigned Names and Numbers (ICANN) announced that the first root zone Key Signing Key (KSK) rollover - originally scheduled to take place on Oct. 11 - will be postponed. Although this was certainly a difficult decision, we fully agree that erring on the side of caution is the best approach to take. In this blog post, I want to explain some of the involvement Verisign has had in KSK rollover preparations, as well as some of the recently available research opportunities which generated data that we shared with ICANN related to this decision. more

Evolution of the Dot Brand Domains in 5 Years

Aug 28, 2017

ICANN's last new gTLD application closed in 2012 with more than 600 brands applying for their dot brand. Dot brand domains associate a keyword or keyphrase and a brand name in a complete domain name... To understand better how the evolution of the dotBrand has been throughout these years, number of websites launched, redirects, registries etc, Dot Brand Observatory prepared a few visual graphics. more

Industry Updates

On the Hunt for Remnants of the Samourai Wallet Crypto Mixing Services in the DNS

A Peek at the V3B Phishing Kit Attack via the DNS Lens

Tracking Down Fake Cryptocurrency Sellers Using DNS Intelligence

Following the DNS Trail of APT Group Newbie Unfading Sea Haze

On the DNS Trail of the Foxit PDF Bug Exploitation Attackers

Profiling a Popular DDoS Booter Service’s Ecosystem

A DNS Investigation of the Phobos Ransomware 8Base Attack

Stately Taurus APT Group Targets Asian Countries: What Do the Campaign IoCs Reveal?

Looking for More Signs of Nitrogen in the DNS

Thoughts on RDRS for Brand Owners

  • By CSC
  • May 13, 2024

Unraveling the World of Security Data Aggregation

A DNS Investigation of the Typhoon 2FA Phishing Kit

Examining a U.S. Tax Scammer’s Web Infrastructure through the DNS Lens

Hunting for TimbreStealer Malware Artifacts in the DNS

Uncovering Suspicious Download Pages Linked to App Installer Abuse

View More