A substantial amount of DNS community discussion on the topic of DNS Abuse is focused on defining what is or is not DNS Abuse. The definition adopted by ICANN contracted parties, as well as the DNS Abuse Institute, is straightforward: DNS Abuse is malware, botnets, pharming, phishing, and spam where it's a vehicle for the preceding harms. There is, of course, some fuzziness on the margins, where technical harms are also using content. more
It was not without a little trepidation that I planned the 2nd DNS Abuse Institute Forum to focus on the long-standing and often contentious definitional issues surrounding DNS Abuse. While the risk of getting stuck in the usual entrenched positions was real, it seemed to me that we had an opportunity to provide some clarity and if not change minds, at least provide perspective. more
The ways in which the Internet is embedded in our daily lives are too varied and numerous to catalogue. The Internet delivers information, access to goods, services, education, banking, social interaction and, increasingly, work space. The global pandemic has only heightened our dependence on the online world, which is why efforts to ensure that the Internet remains a trusted and secure environment are more important than ever. more
Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk. The recent SolarWinds attack escalates the critical need for chief compliance officers to collaborate with their business counterparts to identify and mitigate potentially unknown threats that lie within third-party supply chains. Yet how can companies manage this risk when it's not if but when you're attacked? more
The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system and IP addressing. The 10th ROW will be held online on Tuesday, June 8th, 2021 at 13h00-17h00 UTC. Click to learn more about the discussion topics and registration details. more
Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more
The DNS Operations, Analysis, and Research Centre (DNS-OARC) convened OARC-35 at the start of May. Here are some thoughts on a few presentations at that meeting that caught my attention... These days it seems that the term "the digital economy" is synonymous with "the surveillance economy." Many providers of services on the Internet spend a lot of time and effort assembling profiles of their customers. These days, it's not just data in terms of large-scale demographics but the assembling of large sets of individual profiles. more
Many in the network security field may be familiar with the phrase: "It's always DNS." This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more
In light of the Biden administration's recent efforts in protecting critical infrastructure from cyber threats, new research from CSC indicates that a majority of the top energy companies in the U.S. are vulnerable to attack due to shortcomings in their online operations. Specifically, these organizations are vulnerable to domain name and domain name system (DNS) hijacking and phishing attacks based on their lack of effective domain security. more
Public Interest Registry (PIR) announced the creation of the DNS Abuse Institute about two months ago as it believes that "every .ORG makes the world a better place" and "anything that gets in the way of that is a threat," notably in the form of Domain Name System (DNS) abuse. To show support for the initiative, WhoisXML API analyzed monthly typosquatting data feeds for December 2020, January 2021, and February 2021 to identify .ORG domain trends... more