Threat Intelligence

Sponsored
by

Noteworthy

Reverse WHOIS: A Powerful Process in Cybersecurity

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Threat Intelligence / Most Commented

Broadband Routers and Botnets: Being Proactive

In this post I'd like to discuss the threat widely circulated insecure broadband routers pose today. We have touched on it before. Today, yet another public report of a vulnerable DSL modem type was posted to bugtraq, this time about a potential WIRELESS flaw with broadband routers being insecure at Deutsche Telekom. I haven't verified this one myself but it refers to "Deutsche Telekom Speedport w700v broadband router"... more

Domain Name Resale Market a Haven for Phishers?

In a recent article at TechWeb, the following observations were made: "Internet addresses that appeal to identity thieves eager to rip off consumers are being posted by major domain resellers... Finnish-based F-Secure has identified more than 30 registered domain names for resale that would be of interest only to the legitimate holder of the trademark or to phishers..." more

China Betting on IPv6 and First Mover Advantage

The United States' reluctance to invest in IPv6 makes it more likely that China will be in a position to gain the first-mover advantage it seeks. ...Liu Dong, president of the Beijing Internet Institute sums it up succinctly: "We think we can develop the killer applications," he says. China plans to show the rest of the world just how advanced its Internet is at the 2008 Olympics in Beijing. CNGI will control the facilities -- everything from security cameras to the lighting and thermostats -- at the Olympic venues, and events will be broadcast live over the Internet. Even the taxis in Beijing's snarled traffic will connect to CNGI via IPv6 sensors so that dispatchers will be able to direct their drivers away from congestion. more

Phishing: Competing on Security

The UK today is one of the main attack targets by phishing organized crime groups, globally. Phishing damages will amount to about two billions USD in 2006 worldwide -- not counting risk management measures such as preventative measures, counter-measures, incident response and PR damages. In most cases, phishing is caused by the fault of the users, either by entering the wrong web page, not keeping their computers secure or falling for cheap scams. Often this is due to lack of awareness or ability in the realm of Internet use rather than incompetence by the users... more

DNSSEC Deployment at the Root

The DNSSEC is a security protocol for providing cryptographic assurance (i.e. using the public key cryptography digital signature technology) to the data retrieved from the DNS distributed database (RFC4033). DNSSEC deployment at the root is said to be subject to politics, but there is seldom detailed discussion about this "DNS root signing" politics. Actually, DNSSEC deployment requires more than signing the DNS root zone data; it also involves secure delegations from the root to the TLDs, and DNSSEC deployment by TLD administrations (I omit other participants involvement as my focus is policy around the DNS root). There is a dose of naivety in the idea of detailing the political aspects of the DNS root, but I volunteer! My perspective is an interested observer. more

VoIP Security FUD

I'm continually amazed by the amount of FUD being spread with regard to VoIP security threats. People...the sky is not falling. VoIP isn't e-mail. It isn't implemented like e-mail, it won't be implemented like e-mail (maybe "it shouldn't be implemented like e-mail" is a more appropriate statement). Following best security practices will ensure at least a level of security equivalent to current TDM systems. Best FUD I've heard this week: VoIP is insecure because you can simply put a bridge on an ethernet line and capture a stream. Hey, has anyone ever heard of alligator clips? more

New Study Revealing Behind the Scenes of Phishing Attacks

The following is an overview of the recent Honeynet Project and Research Alliance study called 'Know your Enemy:Phishing' aimed at discovering practical information on the practice of phishing. This study focuses on real world incidents based on data captured and analyzed from the UK and German Honeynet Project revealing how attackers build and use their infrastructure for Phishing based attacks. "This data has helped us to understand how phishers typically behave and some of the methods they employ to lure and trick their victims. We have learned that phishing attacks can occur very rapidly, with only limited elapsed time between the initial system intrusion and a phishing web site going online..." more

What is ‘Pharming’ and Should You Be Worried?

The sky is falling! The sky is falling! ...or is it? What is this thing called "pharming"? Put simply, it's redirection of web traffic, so that the server you think you're talking to actually belongs to a criminal. For example: you think you're talking to www.examplebank.com because it says so in the browser's address bar, but actually you're connected to www.mafia-R-us.ru. This can happen in three main ways: 1. DNS Hijack: a social engineering attack on the Internet infrastructure... more

History of SMTP

The following excerpt is from the Free Software Magazine, March 2005 Issue, written by Kirk Strauser. To read the entire article, you may download the magazine here [PDF]. Also thanks to Yakov Shafranovich for making us aware of this publication. "Spam has existed since at least 1978, when an eager DEC sales representative sent an announcement of a product demonstration to a couple hundred recipients. The resulting outcry was sufficient to dissuade most users from repeating the experiment. This changed in the late 1990s: millions of individuals discovered the internet and signed up for inexpensive personal accounts and advertisers found a large and willing audience in this new medium." more

CENTR Statement on IDN Homograph Attacks

Recently a proof of concept attack was announced on the Internet that demonstrated how a web address could be constructed that looked in some web browsers identical to that of a well known website. This technique could be used to trick a user into going to a website that they did not plan on visiting, and possibly provide sensitive information to a third party. As a result of this demonstration, there has been a number of voices calling for web browsers to disable or remove support for IDNs by default. ...CENTR, a group of many of the world's domain registries - representing over 98% of domain registrations worldwide - believes such strong reactions are heavily detrimental... more

Survey Predicts Attacks on the Network Infrastructure Within 10 Years

Pew Internet Project has released a report called "The Future of the Internet" based on a recently conducted survey where 1,286 internet experts are said to have looked at the future impact of the internet and assessed predictions about how technology and society will unfold. The following is and excerpt from the report predicting at least one devastating attack will occur in the next 10 years on the networked information infrastructure or the United States power grid. more

Report from UN Spam Meeting in Geneva

The International Telecommunication Union (ITU), held an ITU WSIS Thematic Meeting on Countering Spam from 7 to 9 July 2004, in Geneva, Switzerland. The meeting was focused around various topics including: Scope of the problem, Technical solutions, Consumer protection and awareness, Legislation and enforcement, and International cooperation. The following is a report by William J. Drake, Senior Associate International Centre for Trade and Sustainable Development in Geneva. more

ISC Changes Name to Internet Systems Consortium

Internet Systems Consortium (ISC), formerly Internet Software Consortium, has changed its name to better reflect the new direction of the organization. The renamed company has expanded the mission of the original ISC to include more focus on Global DNS operations. In addition to developing and maintaining production quality Open Source software, such as BIND and DHCP, ISC will now enhance the stability of the global DNS through reliable F-root nameserver operations and ongoing operation of a DNS crisis coordination center, ISC's OARC for DNS; and further protocol development efforts, particularly in the areas of DNS evolution and facilitating the transition to IPv6. more

VeriSign’s New Security Seal Too Trusting?

On November 4, 2003, VeriSign announced a new "trust enhancing" seal which they built using Macromedia's Flash technology...While there are problems inherent to VeriSign's approach that call into question their understanding of "The Value of Trust," there are ways they could have made this particular implementation less trivially spoofable. The flaws I demonstrate on this page are flaws in the concept and the execution rather than anything inherently flawed in Flash. Overall this kind of graphical "trustmark" is extremely easy to forge just by recreating the artwork. But in this case, you don't even have to do that. The seal can still be called directly off the VeriSign servers, yet it is easily modified, without recreating artwork, and without doing anything untoward with VeriSign's servers! more

SECSAC Special Meeting on Site Finder: A Technical Analysis

After attending the afternoon ICANN Security & Stability Committee meeting, I realized that the issues involved fall into several related but independent dimensions. Shy person that I am *Cough*, I have opinions in all, but I think it's worthwhile simply to be able to explain the Big Picture to media and other folks that aren't immersed in our field. In these notes, I'm trying to maintain neutrality about the issues. I do have strong opinions about most, but I'll post those separately, often dealing with one issue at a time. more