Threat Intelligence |
Sponsored by |
|
The most recent episode of The Ask Mr. DNS Podcast offers up some disturbing corroborating evidence as to the extent of DNS filtering and outright blocking occurring in China. VeriSign's Matt Larson and InfoBlox's Cricket Liu, who co-host the geeky yet engaging and extremely informative show, held a roundtable discussion including technical experts from dynamic name service providers (better known as "managed DNS" services) DynDNS, TZO, No-IP, and DotQuad, as well as Google and Comcast. more
The deployment of Domain Security Extensions (DNSSEC) has crossed another milestone this month with the publication of DURZ (deliberately unvalidatable root zone) in all DNS root servers on 5 May 2010. While this change was virtually invisible to most Internet users, this event and the remaining testing that will occur over these next two months will dictate the ultimate success of DNSSEC deployment across the Internet. more
In case you missed it, last Thursday, May 6, we saw a remarkable day on the stock markets. The day started off with some selling which went down neat and orderly. Suddenly, around 2:40 pm eastern time, the market started selling off rapidly taking huge hits in in the span of 30 minutes. It was an incredible ride and at one point, the Dow Jones average was off 1000 points for the day, the largest drop in history (though not the largest percentage drop). It was kind of like October of 1987. more
I'm not even sure how to begin this post, but let me tell you -- my head explodes when I try to contact WHOIS "contacts" about criminal activity - FAIL. I think ICANN wants to do the right thing here, and has stated on multiple occasions that inaccurate WHOIS data is reason for registrar termination. That's a Good Thing... more
The project to sign the DNS root zone with DNSSEC took an additional step toward completion yesterday with the last of the "root server" hosts switching to serving signed DNSSEC data. Now every DNS query to a root server can return DNSSEC-signed data, albeit the "deliberately unvalidatable" data prior to the final launch. Another key piece for a working signed root is the acceptance of trust anchors in the form of DS records from top-level domain operators. These trust anchors are used to form the chain of trust from the root zone to the TLD. more
Since November of last year we have been discussing the problem of illicit and illegal online pharmacy support by ICANN-accredited Registrars. In several articles and direct contact with the Registrars we have tirelessly tried to convey the seriousness of this problem, many listened, some did not... With the background information already known, the case presented here is much more specific and concerns EvaPharmacy, which was until recently, the world's largest online criminal pharmacy network. more
IT security specialists have known for years that the plain DNS is not to be trusted. Any hope for improvement rests on the DNSSEC protocol deployment. In this post, I will review the current status in one critical aspect, namely the DNS root signature key management. The other two foremost are the application usage of DNSSEC protocol functionality and the operational front, or the extent of deployment in the DNS infrastructure. The operational front includes the support by the DNS root nameservers, but my focus on signature key management leaves this issue aside. more
One of the RSS feeds that I read is Reason magazine, which is a web site for libertarians. In general, libertarians want less government intervention both in our personal lives and in the economy. The idea behind libertarians is that today's Republicans want less government intervention in our economy but are perfectly fine to have them dictate some aspects of morality. Similarly, today's Democrats want less government intervention in our personal lives but are perfectly fine with creating government bureaucracy to deliver social services. That's an oversimplified summary, but is more or less correct. About two months ago I got an article in my RSS feed where Reason was commenting on the government's response to the cyber war threats. more
In the past few months, a flurry of gift card scams leveraging such high-profile brands as Best Buy, Whole Foods and IKEA have emerged on Facebook. These scams often use the brand's logo, website URL, or general "look and feel" on Facebook "fan" pages to give the impression that these offers are legitimate. Some scams are even bold enough to include bogus, non-interactive fan comments to add a greater sense of authenticity to the gift card offer. To date, these scams have been successful at tricking tens of thousands of consumers. In just one day, for example, a fan page titled "IKEA Get a FREE $1000 IKEA Gift Card! (ONLY AVAILABLE 1 DAY)" registered 40,000 fans before being shut down. more
Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I have posted a few good excerpts and added my comments to the end. ... Warner's take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That's because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move onto another. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
