Threat Intelligence

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Most Viewed

Sorry, Not Sorry: WHOIS Data Must Remain Public

In March, I posted a call to action to those of us in the community who have the inclination to fight against a movement to redact information critical to anti-abuse research. Today, I felt compelled to react to some of the discussions on the ICANN discussion list dedicated to the issue of WHOIS reform: Sorry, not sorry: I work every working hour of the day to protect literally hundreds of millions of users from privacy violating spam, phish, malware, and support scams. more

Securing a Domain: SSL vs. DNSSEC

There has been quite a bit of talk lately about the best way to secure a domain, mainly centered in two camps: using Secure Socket Layer (SSL), or using DNS Security Extensions (DNSSEC). The answer is quite simple -- you should use both. The reason for this is that they solve different problems, using different methods, and operate over different data. more

The Case Against DNSSEC

I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said "I don't think we need DNSSEC". Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let's take them one at a time... more

Phishers Now Targeting Domain Registrars

This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants (domain owners). Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars. Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam. It's not known precisely why phishers are after domain registration information, but the possibilities are chilling... more

On the Time Value of Security Features in DNS

There are some real problems in DNS, related to the general absence of Source Address Validation (SAV) on many networks connected to the Internet. The core of the Internet is aware of destinations but blind to sources. If an attacker on ISP A wants to forge the source IP address of someone at University B when transmitting a packet toward Company C, that packet is likely be delivered complete and intact, including its forged IP source address. Many otherwise sensible people spend a lot of time and airline miles trying to improve this situation... The problems created for the Domain Name System (DNS) by the general lack of SAV are simply hellish. more

Security by Obscurity?

Ah yes, 'Security by obscurity': "Many people believe that 'security through obscurity' is flawed because... secrets are hard to keep." I'm glad the guys guarding the A Root Servers are up on the latest security trends. Of course, you could hide the A Root Servers at the heart of the Minotaur's maze, but they're still going to be "right over there" in cyberspace, at 198.41.0.29 more

If WHOIS Privacy is a Good Idea, Why is it Going Nowhere?

ICANN has been wrangling about WHOIS privacy for years. Last week, yet another WHOIS working group ended without making any progress. What's the problem? Actually, there are two: one is that WHOIS privacy is not necessarily all it's cracked up to be, and the other is that so far, nothing in the debate has given any of the parties any incentive to come to agreement. The current ICANN rules for WHOIS say, approximately, that each time you register a domain in a gTLD (the domains that ICANN manages), you are supposed to provide contact information... WHOIS data is public, and despite unenforceable rules to the contrary, it is routinely scraped... more

Phish-Proofing URLs in Email?

For those who've been living in an e-mail free cave for the past year, phishing has become a huge problem for banks. Every day I get dozens of urgent messages from a wide variety of banks telling me that I'd better confirm my account info pronto. ...Several people have been floating proposals to extend authentication schemes to the URLs in a mail message. A sender might declare that all of links in it are to its own domain, e.g., if the sender is bigbank.com, all of the links have to be to bigbank.com or maybe www.bigbank.com. Current path authentication schemes don't handle this, but it wouldn't be too hard to retrofit into SPF. ...So the question is, is it worth the effort to make all of the senders and URLs match up? more

8 Reasons Why Cybersecurity Strategy and Business Operations are Inseparable

In modern society, there is one fact that is unquestionable: The hyper-connectivity of the digital economy is inescapable. A financial institution without an online presence or omni-channel strategy will cease to be competitive. Universities (for-profit or non-profit) must develop and continuously evolve their online learning capabilities if they are to stay relevant. Online retailers are quickly outpacing and rendering their 'brick-and-mortar' counterparts irrelevant. more

DNSSEC Adoption Part 1: A Status Report

Where is the domain industry with the adoption of DNSSEC? After a burst of well publicized activity from 2009-2011 -- .org, .com, .net, and .gov adopting DNSSEC, roots signed, other Top-Level Domains (TLDs) signed -- the pace of adoption appears to have slowed in recent years. As many CircleID readers know, DNSSEC requires multiple steps in the chain of trust to be in place to improve online security. more

Blacklisting Under Wrong Assumptions

If you analyze the relay of spam- and malware-containing email circulating on the Internet purely through your mail server logs (running the Unix command "tail"), a large proportion seem to come from Asia Pacific hosts, especially those from mainland China. Therefore, many less-experienced systems administrators have simply blocked the access from subnets of Chinese or Asian origin, effectively destroying the fabric of the Internet -- messaging. If administrators took pains to analyze these supposedly Asian spam messages by analyzing the full Internet headers, they would have realized that the Asian servers were merely used by the real spammers as open relays, or perhaps as zombie hosts previously infected with the mass mailing worms through the exploitation of operating system vulnerabilities.  more

The Internet of Stupid Things

In those circles where Internet prognostications abound and policy makers flock to hear grand visions of the future, we often hear about the boundless future represented by "The Internet of Things". This phrase encompasses some decades of the computing industry's transition from computers as esoteric piece of engineering affordable only by nations, to mainframes, desktops, laptops, handhelds, and now wrist computers. Where next? more

Abusive Anti-Anti-Spam Scheme a Dreadful Strategy

A new company called Blue Security purports to have an innovative approach to getting rid of spam. I don't think much of it. As I said to an Associated Press reporter: "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal." more

How Do You Do Secure Bank Transactions on the Internet?

Banks love it when their customers do their transactions on line, since it is so much cheaper than when they use a bank-provided ATM, a phone call center, or, perish forbid, a live human teller. Customers like it too, since bank web sites are usually open 24/7, there's no line and no need to find a parking place. Unfortunately, crooks like on line banking too, since it offers the possibility of stealing lots of money. How can banks make their on line transactions more secure? more

SQL Injection in the Wild

As attack vectors go, very few are as significant as obtaining the ability to insert bespoke code in to an application and have it automatically execute upon "inaccessible" backend systems. In the Web application arena, SQL Injection vulnerabilities are often the scariest threat that developers and system administrators come face to face with (albeit way too regularly). more

Industry Updates

Father’s Day: Bad Guys’ Activities

Phishing Automated through Chatbots, We Found Potentially Connected Domains

In the Market for a New Car? Beware Not to Get on the Phishing Bandwagon

Blurring the Lines between APTs and Cybercrime: Cobalt Mirage Uses Ransomware to Target U.S. Organizations

Online Shopping Danger? 13K+ Cybersquatting Properties of Top E-Commerce Sites Discovered

A Look into New Cybersquatting and Phishing Domains Targeting Facebook, Instagram, and WhatsApp

Beware of Frappo and Related Cybersquatting Domains

Cardano Joins the List of Favored Crypto Scam Targets

These DeFi Domains Might Be Risky to Investors

Website Defacement: Age-Old but Still Works as Ongoing Campaigns Show

Don’t Hit That Update Button Just Yet, It Could Lead to Malware Infection

Behind the Bylines of Fake News and Disinformation Pages

Threat Actors Might Be Interested in Elon Musk’s Twitter Purchase, Too

Through the Spyglass: NSO Group Spyware Pegasus in Focus

Sinkholing May Not Spell the End for Malware Hosts and Botnets