Threat Intelligence

Sponsored
by

Noteworthy

WHOIS History API: Powering Domain Investigations

Domain Research and Monitoring: Keeping an Eye on the Web for You

Reverse WHOIS: A Powerful Process in Cybersecurity

Threat Intelligence / Recently Commented

Putting Cyber Threats Into Perspective

As society uses more digital technologies we are increasingly also faced with its problems. Most of us will have some horror stories to tell about using computers, smartphones, and the internet. But this hasn't stopped us from using the technology more and more. I believe that most people would say that their lives would be worse without technology -- in developed countries but equally in the developing world. more

Say YES to DNSSEC

With the latest "DNSpionage" attack, ICANN astutely prompted domain name holders to fully deploy DNSSEC on their names. Afilias absolutely supports this and encourages the same. In this post, I remind you of why DNSSEC is important and our continued role. Afilias has a long history in the development and advocacy of DNSSEC. In 2007, we partnered with Public Interest Registry to help found dnssec-deployment.org. more

Researchers Demonstrate Serious Privacy Attacks on 4G and 5G Protocols

A group of academic researchers have revealed a design weakness in the 4G/5G protocol which can be exploited by an attacker to identify the victim's presence in a particular cell area just from the victim's soft-identity such as phone number and Twitter handle. more

Microsoft is Abandoning SHA-1 Hashes for Updates - But Why?

Microsoft is shipping a patch to eliminate SHA-1 hashes from its update process. There's nothing wrong with eliminating SHA-1 - but their reasoning may be very interesting. SHA-1 is a "cryptographic hash function". That is, it takes an input file of any size and outputs 20 bytes. An essential property of cryptographic hash functions is that in practice (though obviously not in theory), no two files should have the same hash value unless the files are identical. more

What Is the Most Secure VPN Protocol?

VPN products vary greatly in convenience, efficiency, and security. If security is a serious concern, an organization needs to pay close attention to the protocols a service supports. Some widely used protocols have significant weaknesses, while others offer state-of-the-art security. The best of the lot today include OpenVPN and IKEv2. What's called a VPN protocol is actually a collection of protocols. There are several functions which every VPN has to manage. more

Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Recent events have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports. Domains are an important element of internet infrastructure; their functionality and security rely upon many factors such as their delegated name servers. more

Strange Email Used to Inform Marriott Customers About the Massive Data Breach

Millions of email warnings were sent out by Marriot on Friday to warn customers about the massive data breach which has affected close to half a billion guest data. more

Hackers Behind Marriott Breach Left Clues Suggesting Link to Chinese Government

Hackers behind the massive data breach of the hotel group Marriott International Inc have left clues suggesting ties to the Chinese government intelligence-gathering operation. more

Securing the Routing System at NANOG 74

The level of interest in the general topic of routing security seems to come in waves in our community. At times it seems like the interest from network operators, researchers, security folk and vendors climbs to an intense level, while at other times the topic appears to be moribund. If the attention on this topic at NANOG 74 is anything to go by we seem to be experiencing a local peak. more

KSK Rollover, Elliptical Curve Vulnerabilities, Surveillance and Privacy. Are We Building Trust?

ICANN just recently performed a Root Zone DNS Security Extensions (DNSSEC) Key Signing Key (KSK) Rollover. The recent KSK Rollover that took place on the 11th October 2018. The KSK Rollover has been successful and congratulations are in order. The Root Zone DNSSEC Key Signing Key "KSK" is the top most cryptographic key in the DNSSEC hierarchy. The KSK is a cryptographic public-private key pair. more

Traceability

At a recent workshop on cybersecurity at Ditchley House sponsored by the Ditchley Foundation in the U.K., a primary topic of consideration was how to preserve the freedom and openness of the Internet while protecting against the harmful behaviors that have emerged in this global medium. That this is a significant challenge cannot be overstated... That these harmful behaviors can and do cross international boundaries only makes it more difficult to fashion effective responses. more

Why Foldering Adds Very Little Security

I keep hearing stories of people using "foldering" for covert communications. Foldering is the process of composing a message for another party, but instead of sending it as an email, you leave it in the Drafts folder. The other party then logs in to the same email account and reads the message; they can then reply via the same technique. Foldering has been used for a long time, most famously by then-CIA director David Petraeus and his biographer/lover Paula Broadwell. Why is foldering used? more

Taking a Multi-Stakeholder Look at Cyber Norms

Recently we've seen several examples of likely state sponsored security incidents of which the appropriateness was later strongly debated. Incidents such as states impacting commercial enterprises during cyber attacks; purported sabotage of critical infrastructure, and attacks on civilian activists have all, to a greater or lesser degree, led to concerns being raised by both civilian watchdog groups, academics, technologists and governments. more

DNSSEC and DNS over TLS

The APNIC Blog has recently published a very interesting article by Willem Toorop of NLnet Labs on the relationship between Security Extensions for the DNS (DNSSEC) and DNS over Transport Layer Security. Willem is probably being deliberately provocative in claiming that "DoT could realistically become a viable replacement for DNSSEC." If provoking a reaction was indeed Willem's intention, then he has succeeded for me, as it has prompted this reaction. more

The Economics of Hacking an Election

There have been many news stories of late about potential attacks on the American electoral system. Which attacks are actually serious? As always, the answer depends on economics. There are two assertions I'll make up front. First, the attacker -- any attacker -- is resource-limited. They may have vast resources, and in particular, they may have more resources than the defenders -- but they're still limited. Why? more