Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
For several years, DNS-OARC has been collecting DNS query data "from busy and interesting DNS name servers" as part of an annual "Day-in-the-Life" (DITL) effort (an effort originated by CAIDA in 2002) that I discussed in the first blog post in this series. DNS-OARC currently offers eight such data sets, covering the queries to many but not all of the 13 DNS root servers (and some non-root data) over a two-day period or longer each year from 2006 to present. more
Last year, MAAWG published a white paper titled Trust in Email Begins with Authentication [PDF], which explains that authentication (DKIM) is “[a] safe means of identifying a participant-such as an author or an operator of an email service” while reputation is a “means of assessing their trustworthiness.”
moreThe website designated by Dell Inc. to help customers recover from malicious software and other computer maladies may have been hijacked for a few weeks this summer by people who specialize in deploying said malware, reports Brian Krebs in KrebsOnSecurity. more
The UK government on Wednesday announced plans to introduce new laws for internet connected devices to better enforce the inclusion of basic cybersecurity features into IoT devices. more
U.S. senators on Tuesday announced plans to introduce legislation seeking to address vulnerabilities in IoT devices. more
Like many people, I was taken by surprised by Google's announcement about its threatened withdrawal from China in the wake of continued censorship and attacks that appeared to emanate from there. My immediate reaction was quite simple: "Wow". There's been a lot of speculation about just why they pulled out. Some reports noted that Google has been losing market share to Baidu... I don't think, though, that that's the whole story. more
The US Department of Defense is seeking private sector's help to "vault DOD" into the world of elastic computing, data management and analytics, cybersecurity, and machine learning. more
Cybersecurity job postings in the United States has nearly doubled since 2013 and is growing three times as fast as other IT roles, according to a new report from the labor market analytics firm Burning Glass Technologies. more
In previous posts in this series, I've discussed a number of applications of cryptography to the DNS, many of them related to the Domain Name System Security Extensions (DNSSEC). In this final blog post, I'll turn attention to another application that may appear at first to be the most natural, though as it turns out, may not always be the most necessary: DNS encryption. (I've also written about DNS encryption as well as minimization in a separate post on DNS information protection.) more
Today the e-mail faerie brought news of the release of BIND9 9.10.0 which can be downloaded from here. BIND9 is the most popular name server on the Internet and has been ever since taking that title away from BIND8 which had a few years earlier taken it from BIND4. I used to work on BIND, and I founded ISC, the home of BIND, and even though I left ISC in July 2013 to launch a commercial security startup company, I remain a fan of both ISC and BIND. more
Sometimes, a government agency will post a PDF that doesn't contain searchable text. Most often, it's a scan of a printout. Why? Don't the NSA, the Department of Justice, etc., know how to convert Word (or whatever) directly to PDF? It turns out that they know more than some of their critics do. The reason? With a piece of paper, you know much more about what you're actually disclosing. more
Anyone that has attended a meeting of the Internet Engineering Task Force (IETF) will know that the somewhat dry topic of internet protocols is often the source of passionate disagreement. But rarely does that debate extend beyond the confines of internet engineers. That has not been the case with a new protocol which aims to make the Internet's underlying domain name system more secure by default. more
With the increasing popularity of IoT devices and the added interest of transition to IPv6, a whole new range of threat vectors are evolving that allow attackers to set up undetectable communications channels across networks. more
In the debate about "exceptional access" to encrypted conversations, law enforcement says they need such access to prevent and solve crimes; cryptographers, on the other hand, keep saying it's too complicated to do safely. That claim is sometimes met with skepticism: what's so hard about encryption? After all, you learn someone's key and just start encrypting, right? I wish it were that simple - but it's not. more
As I was entering in data for the weekly DNSSEC Deployment Maps, I was struck by the fact that we are now at the point where 617 of the 795 top-level domains (TLDs) are now signed with DNSSEC. You can see this easily at Rick Lamb's DNSSEC statistics site...Now, granted, most of that amazing growth in the chart is because all of the "new generic TLDs" (newgTLDs) are required to be signed with DNSSEC, but we are still seeing solid growth around the world. more
A World-Renowned Source for Internet Developments. Serving Since 2002.