Welcome:
Login
|
Sign Up
|
About CircleID
Follow:
|
|
|
Threat Intelligence |
Sponsored by |
|
Hong Kong domains are the most dangerous in the world; this little factoid from a recent McAfee report generated quite a bit of media coverage, and even made TIME magazine's top stories list. But all is not as it seems, and aspects of the report may have been out of date before the report was even published. McAfee's study seems to be based on a year's worth of data, and last year was a particularly bad year for the Hong Kong domain, thanks to a gang of botnet spammers registering thousands of domains under the .hk ccTLD. These domains were most likely registered using stolen credit cards... more
In Part I of this article I set the stage for our discussion and overviewed the October 21st DDoS attacks on the Internet's 13 root name servers. In particular, I highlighted that the attacks were different this time, both in size and scope, because the root servers were attacked at the same time. I also highlighted some of the problems associated with the Domain Name System and the vulnerabilities inherent in BIND. Part II of this article takes our discussion to another level by critically looking at alternatives and best practices that can help solve the security problems we've raised. more
Why shouldn't there be a .gadi TLD? Why not one for Microsoft? This post is not about alternate roots or why they are bad, this post is about something else. We do need to go over some background (from my perspective) very quickly though. ICANN has a steel-fist control over what happens in the DNS realm. They decide what is allowed, and who gets money from it. Whether it's VeriSign for .com or any registrar for the domains they sell. They decide if .gadi should exist or not. ...What I am here to discuss is why Microsoft, as a non-arbitrary choice this time, indeed, of all the world, should kick it aside, creating an alternate root while at the same time not disturbing the world's DNS. more
Amidst the fascinating news from the SCO saga, preparing for SANS London and contributing to the Unix timeline project at Grokline my eyes caught a piece of rather distressing news on the BBC. It appears that BT (British Telecom) intends to move its current phone network to an IP-based network by 2009 thereby sending the circuit-switched technology off to the attic. The real question is: can we guarantee the same level of reliability on VoIP as we had on circuit-switched telephony when the stated aim is to carry both voice and data traffic down the same cables (or fibres more likely)? more
A recent study by researchers at the Cooperative Association for Internet Data Analysis (CAIDA) at the San Diego Super Computer Center (SDSC) revealed that a staggering 98% of the global Internet queries to one of the main root servers, at the heart of the Internet, were unnecessary. This analysis was conducted on data collected October 4, 2002 from the 'F' root server located in Palo Alto, California.
The findings of the study were originally presented to the North American Network Operators' Group (NANOG) on October 2002 and later discussed with Richard A. Clarke, chairman of the President's Critical Infrastructure Protection Board and Special Advisor to the U.S. President for Cyber Space Security. more
Earlier this year, ICANN began to seriously consider the various effects of adding DNS protocol features and new entries into the Root Zone. With the NTIA announcement that the Root Zone would be signed this year, a root scaling study team was formed to assess the scalability of the processes used to create and publish the Root Zone. Properly considered, this study should have lasted longer than the 120 days -- but the results suggest that scaling up the root zone is not without risk -- and these risks should be considered before "green-lighting" any significant changes to the root zone or its processes. I, for one, would be interested in any comments, observations, etc. (The caveats: This was, by most measures, a rush job. My spin: This is or should be a risk assessment tool.) Full report available here [PDF]. more
Cybercrime is costing businesses close to $600 billion, or 0.8 percent of global GDP, according to a report released today by McAfee, in partnership with the Center for Strategic and International Studies (CSIS). more
A couple of days ago the BBC reported that a document called the Information Operations Roadmap (PDF) had been declassified and that it contained some pretty interesting stuff. The American dominance over the Internet, recently manifested by its unwillingness to hand over some of the critical control to UN-organizations, may have another side to it. more
On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. ... The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. more
In a submission to the Joint Committee on Law Enforcement's inquiry into Impact of new and emerging information and communications technology, the Department of Home Affairs and Australian Criminal Intelligence Commission (ACIC) warn law enforcement will be degraded by a number of new technologies. more
While people may debate the death of email, there is no question that many email servers are already overloaded with spam. Current spam solutions are beginning to address the problem, but so far they all suffer from the arms race issue - as fast as we come up with new ways to fight spam, spammers are finding new ways to deliver it to us. While the functionality of email will certainly continue, the current system must change. When the change comes, it will deliver the future of email to Microsoft. more
For more than 30 years, the industry has used a service and protocol named WHOIS to access the data associated with domain name and internet address registration activities... The challenge with WHOIS is that it was designed for use at a time when the community of users and service operators was much smaller and there were fewer concerns about data privacy. more
The folks at Renesys pointed out earlier this week some interesting activity surrounding the L-root name server, highlighting some activity that should give us all yet another reason to be concerned about the security and integrity of the Internet DNS... considering that a great deal of malware today tends to corrupt the DNS resolution path in order to further exploit compromised end-systems, and that corruption, or any other actual end-system compromise, might well be unnecessary if the root were compromised -- well, think of the possibilities! more
The most recent episode of The Ask Mr. DNS Podcast offers up some disturbing corroborating evidence as to the extent of DNS filtering and outright blocking occurring in China. VeriSign's Matt Larson and InfoBlox's Cricket Liu, who co-host the geeky yet engaging and extremely informative show, held a roundtable discussion including technical experts from dynamic name service providers (better known as "managed DNS" services) DynDNS, TZO, No-IP, and DotQuad, as well as Google and Comcast. more
One of my pet peeves is the headline "n %" of email is spam, it is inherently misleading, and conveys no useful data. I guess it makes for great newspaper headlines then! On our servers looking at one email address for 4 hours, we saw 208 attempted connections for SMTP traffic referring to this email address. ...One can't measure spam in relation to the amount of genuine email, because the amount of genuine email is not connected to the amount of spam... more
A World-Renowned Source for Internet Developments. Serving Since 2002.
