DNS |
Sponsored by |
|
The ways in which the Internet is embedded in our daily lives are too varied and numerous to catalogue. The Internet delivers information, access to goods, services, education, banking, social interaction and, increasingly, work space. The global pandemic has only heightened our dependence on the online world, which is why efforts to ensure that the Internet remains a trusted and secure environment are more important than ever. more
It has been just over 3 years since the General Data Protection Regulation (GDPR) came into effect, and the work within ICANN (type "EPDP 2a" into your acronym decoder ring) to develop a permanent Registration Data policy is progressing at a snail's pace. At issue is a proposed mandatory requirement for Contracted Parties (really just Registrars), to differentiate between "legal persons" (a fancy way of saying corporations and similar organizations) and "natural persons" (the kind that eat and breathe and schedule Zoom calls). more
Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk. The recent SolarWinds attack escalates the critical need for chief compliance officers to collaborate with their business counterparts to identify and mitigate potentially unknown threats that lie within third-party supply chains. Yet how can companies manage this risk when it's not if but when you're attacked? more
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system and IP addressing. The 10th ROW will be held online on Tuesday, June 8th, 2021 at 13h00-17h00 UTC. Click to learn more about the discussion topics and registration details. more
Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more
The DNS Operations, Analysis, and Research Centre (DNS-OARC) convened OARC-35 at the start of May. Here are some thoughts on a few presentations at that meeting that caught my attention... These days it seems that the term "the digital economy" is synonymous with "the surveillance economy." Many providers of services on the Internet spend a lot of time and effort assembling profiles of their customers. These days, it's not just data in terms of large-scale demographics but the assembling of large sets of individual profiles. more
New Zealand's .nz operator, InternetNZ, on Wednesday disclosed a vulnerability against authoritative DNS servers. The vulnerability called TsuNAME was first detected in February 2020 in the .nz registry and found that it could be exploited to carry out Denial-of-Service (DoS) attacks across the world. more
The report, "A Decade of Passive DNS" provides a longitudinal analysis of the use and popularity of top-level domains over a ten-year period. The findings are based on what Farsight Security has seen in passive DNS from 2010-2019 based on a ten-year data rollup, excluding DNSSEC-related records. This study allows us to report on four measures for that period for each of the 1,576 IANA-recognized TLDs. more
Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes. more
The celebrated security researcher, Dan Kaminsky, widely known for his work on discovering cruicisl DNS security flaws, Sony Rootkit infections and pupular talk at the Black Hat Briefings. more
In light of the Biden administration's recent efforts in protecting critical infrastructure from cyber threats, new research from CSC indicates that a majority of the top energy companies in the U.S. are vulnerable to attack due to shortcomings in their online operations. Specifically, these organizations are vulnerable to domain name and domain name system (DNS) hijacking and phishing attacks based on their lack of effective domain security. more
Public Interest Registry (PIR) announced the creation of the DNS Abuse Institute about two months ago as it believes that "every .ORG makes the world a better place" and "anything that gets in the way of that is a threat," notably in the form of Domain Name System (DNS) abuse. To show support for the initiative, WhoisXML API analyzed monthly typosquatting data feeds for December 2020, January 2021, and February 2021 to identify .ORG domain trends... more
Cyber attackers are very skilled at infiltration. They'd find ways into a house through cracks and holes that the homeowner doesn't know about. Analogically speaking, that's what the new cyber attack group dubbed "Hafnium" did when they identified several zero-day Microsoft Exchange vulnerabilities to get into target networks. With thousands of users for every Microsoft Exchange server, the attack has far-reaching implications. First, it establishes the presence of a new threat actor group in town. What else could they be up to? more
Completely eradicating malware, botnets, phishing, pharming, and spam from the Domain Name System is not possible. That may be an odd statement from someone who just took the leadership position at the DNS Abuse Institute, but it's meant to underscore the scope of the work ahead of us. There will always be bad actors exploiting the DNS for their own criminal purposes, but working together, we can mitigate their impact. more
Domain names, domain name systems (DNS), and digital certificates are fundamental components of the most important applications that enable your company to conduct business - including your website, email, voice-over IP, and more. However, these vital applications are being attacked with an increasingly high level of sophistication and severity. more
A World-Renowned Source for Internet Developments. Serving Since 2002.