Threat Intelligence |
Sponsored by |
|
Following up from my post yesterday, I thought I would take a look at how spammy each particular TLD is. At the moment, I only track 8 TLD's - .cn, .ru, .com, .net, .org, .info, .biz and .name. To check to see which one is the spammiest, I took all of our post-IP blocked mail and determined how many times those messages occurred in email, and how many times that email was marked as spam... more
A couple of weeks ago, NetworkWorld published an article indicating that the .com TLD was the riskiest TLD in terms of containing code that can steal passwords or take advantage of browser vulnerabilities to distribute malware... It is unclear to me what they mean by TLD's being risky. The number of domains, 31.3% of .com's being considered risky, what does this actually mean? Is it that 31% of .com's are actually serving up malware or something similar? If so, that seems like a lot because for many of us, nearly 1 in every 3 pages that most people visit would be insecure... more
.ORG, The Public Interest Registry (PIR) has announced today the launch of a new campaign aimed at educating IT professionals about securing DNS and the adoption of Domain Name System Security Extensions (DNSSEC). The key purpose of the "Practice Safe DNS" website, according to PIR, is to "serve as a key resource for domain holders, registrars, web developers and IT professionals to learn how they can respectively play a increasingly relevant role in providing a safer and more secure Internet." more
A couple of days ago, Threatpost posted an article indicating that the United States is the most bot-infected country... I think that Microsoft's mechanism of measuring bot infections is a good one, not necessarily because it is the most accurate but because it represents the most complete snapshot of botnet statistics. Because Microsoft Windows is installed on so many computers worldwide and because so many users across the world call home to the MSRT, Microsoft is able to collect a very large snapshot of data. more
This is the first in a series of releases that tie extensive code injection campaigns directly to policy failures within the Internet architecture. In this report we detail a PHP injection found on dozens of university and non-profit websites which redirected visitor's browsers to illicit pharmacies controlled by the VIPMEDS/Rx-Partners affiliate network. This is not a unique problem, however the pharmacy shop sites in question: HEALTHCUBE[DOT]US and GETPILLS[DOT]US should not even exist under the .US Nexus Policy. more
The more I read, the more I see conflicting views on the state of the criminal cybercrime world. On the one hand, the Russian criminal cybercrime underworld is a scary, organized place... On the other hand, there is the position that that position is an exaggeration of what it is actually like and that it's a bunch of ragtag folks who have some advanced computer skills but they are not formally organized. ... I see this very similarly to how I see cyber warfare... more
On Saturday Aug 7th, DNS provider DNS Made Easy was the target of a very large denial of service attack. As far as can be determined the total traffic volume exceeded 40 Gigabit/second, enough to saturate 1 million dialup Internet lines. Several of DNS Made Easy's upstream providers had saturated backbone links themselves. There are indications that not only DNS Made Easy suffered from this attack, but the Internet as a whole. more
Linguistic Internet is becoming stronger with the first leap to develop non-Latin applications, as Arabic Language SSL Certificates has been launched by M/s ArabicSSL with the support of Live Multilingual Translator and The Multilingual Internet Group. This step is highly appreciable because this will ensure the security and stability and develop trust over new Internet layers of Internationalized Domains (IDN TLDs). more
If the rise of phishing has taught us anything, it's that on the Internet, if a digital asset has value, there's somebody out there who wants to steal it. Whether it's a bank account password, a credit card number, a PayPal login, or even a magic sword in an online game, there's a fraudster somewhere trying to misappropriate it for his or her own nefarious purposes. Domain names have always been a target for such criminals. more
I was browsing CircleID the other day and came across Bruce Schneier's article on cyberwar. Schneier's article, and the crux of his point, is that the term cyber war and the threat of cyber warfare has been greatly exaggerated. The real problem in cyberspace is not the threat of cyber warfare wherein a foreign government, or possibly non-state actor, conducts a cyber attack on another nation. more
Paul observed that most new domain names are malicious. Are they? Since the "dawn of tasting", some 30 million domain names have been created for the purposes of interposition on existing name to resource mappings. That is a third of the .COM historical growth, and mostly in the last five years. ... It is difficult not to conclude that interposition on persistent, public referents is without malice, and that the malicious parties are advertisers seeking to transform public referents into private property, as promotional devices... more
A new study has been released by Center for Strategic and International Studies (CSIS) Commission on Cybersecurity for the 44th President that looks into cybersecurity manpower challenges in the United States. The report titled, "A Human Capital Crisis in Cybersecurity," is produced by CSIS - a bipartisan public and foreign policy think tank in Washington. more
DNSSEC adoption has been slow, but is now picking up speed, thanks to organizations leading the way. ... While some registries have already signed, some have announced plans to sign and others are still trying to figure out their plan. Either way, DNSSEC is here. How can we make DNSSEC adoption quicker and easier not only for the registry but for individual name owners? more
As the implementation of DNSSEC continues to gather momentum and with a number of ccTLDs, and the '.org' gTLD having deployed it into their production systems, I think it is worth pausing to take a look at the entire DNSSEC situation. Whilst it is absolutely clear that DNSSEC is a significant step forward in terms of securing the DNS, it is but one link in the security chain and is therefore not, in itself, a comprehensive solution to fully securing the DNS system. more
On April 16 ICANN issued a breach notice to Turkish Registrar Alantron for not consistently providing access to its WHOIS database via Port 43, a command-line query location that all Registrars are required to supply under conditions of their contract with ICANN under section 3.3.1. Four days later they issued a breach to Internet Group do Brazil for the same problem. ... The WHOIS record, as we all know, is a massive fraud with illicit parties filling records with bogus information and hiding behind anonymity. more
A World-Renowned Source for Internet Developments. Serving Since 2002.
