Tag Archives: DNS security

Connecting the Digital Dots: From a Single Domain to a Deceitful Operation: Farsight Webinar

Farsight Security and iThreat Cyber Group demonstrate how iThreat’s CyberTOOLBELT platform and Farsight Security’s passive DNS data unravelled a deceitful drug rehabilitation operation, starting from a single domain and expanding to the key individuals behind the operation and the laws they were breaking.

CyberTOOLBELT builds upon Farsight’s passive DNS by enhancing it with blocklist and whois information, creating a platform that serves as a starting point in any domain or IP investigation by quickly providing a contextual overview of the data point of interest.

Key Points Covered include:

  • An overview of passive DNS
  • How cybercriminals use both legitimate and malicious subdomains to gain entry
  • The steps security teams can take to uncover a single subdomain abuse and broaden that search to an entire landscape.

The webinar will be held on 28 September from 10:00 to 11:00 US Pacific Time.

The presenters are:

  • Daniel Schwalbe
    Director Of Engineering & Deputy CISO at Farsight Security
  • Chad Los Schumacher
    Team Lead Investigator, CyberTOOLBELT
  • Michael Lewis
    Chief Technology Officer, CyberTOOLBELT

To register, go to:

Daily Wrap: Registrars Object To .BANK Demands, SIDN Rebrands, 2015 Record Year For .PL, Rightside Investor Wants Major Changes and Drown Bug Puts 11 Million Websites At Risk

Registrars have objected to what they describe as unreasonable demands in new rules that fTLD Registry Services is trying to impose on them for selling .bank domains.

According to a report in Domain Incite, “the Registrar Stakeholder Group formally relayed its concerns about a proposed revision of the .bank Registry-Registrar Agreement to ICANN at the weekend.”

“A key sticking point is fTLD’s demand that each registrar selling .bank domains have a dedicated .bank-branded web page” with some registrars saying it will “require extensive changes to the normal operation of the registrar.”

The Polish ccTLD, .pl, had its best year ever in 2015 in terms of the daily average number of .pl domain name registrations, according to the NASK’s report on the .pl domain name market for the fourth quarter. At the end of December the .pl domain Registry, with nearly 2.7 million names, was the eleventh largest ccTLD in the world.

Last year the daily average was 3,068 .pl domain names registered, compared to 2,818 in 2014. 2015 was the sixth year in which the number of new .pl domains exceeded one million, with 1,119,896 new domains registered. The total number of .pl domain names registered at the end of 2015 was 2,681,752.

“In accordance with the prognosis, the 2015 year was one of the best years in the history of the Polish Registry. Over the last twelve months the .pl Registry attained a record number of new registrations,” said Michał Chrzanowski, the Director of NASK.

“The annual growth dynamics for the end of December resulted in 6.23%, being the highest value for the last four years. At the same time the number of Registrants in the Registry grew last year by 60 thousand, thus the barrier of one million Registrants has been exceeded.”

The report is available for download from:

SIDN, which started life as the registry for .nl (Netherlands), is rebranding to take into account that it now provides registry services for additional TLDs – .aw and .amsterdam, and most likely later in 2016 .bv.

Additionally, through a partnership with Simplerinvoicing, SIDN is taking its first steps as a trust framework manager.

The new branding has more colours than a rainbow and the organisation says the “new logo expresses the stability and reliability of our organisation, with an array of colours reflecting the diversity of our activities.”

SIDN has “also decided to use a less formal style of writing. One that suits the modern, accessible organisation we want to be.”

Rightside has upset one of its major investors, with “a hedge fund manager known for causing trouble at the companies he invests in [savaging] Rightside, saying its focus on new gTLDs at the expense of its registrar business is ruining the company,” according to a report in Domain Incite.

The report says “J Carlo Cannell of Cannell Capital is looking for some serious bloodletting. He wants Rightside to cut 20% of its staff, close offices, unify its products under the eNom brand and replace two of its directors.”

“He’s threatening to wage a proxy war to replace the Rightside board if he doesn’t get what he wants.”

“A major flaw in the HTTPS protocol has been uncovered that may leave as many as 11 million websites at risk, as well as any other services that use SSL and TLS encryption,” reports V3.

“The security protocols are widely used to encrypt web transactions and other highly sensitive traffic. HTTPS has also been increasingly deployed to protect people’s browsing of ordinary websites in an era when more and more governments are engaging in large-scale web surveillance.”

“The flaw, dubbed Drown, could be used to access all kinds of sensitive information, the researchers explained in a detailed posting on a dedicated website.”

More information is available from:

Menlo Security Finds High Risk in Trusted Websites

[news release] Stealth cybersecurity company Menlo Security today released its “State of the Web 2015: Vulnerability Report.” Based on a direct interrogation and analysis of the Alexa top one million sites, Menlo Security found that more than one in three of the top domains are risky – meaning the sites are either already compromised or running vulnerable software – increasing exposure to attack for anyone visiting those sites.

In 2014, businesses lost nearly $400 billion as a result of cyber crime. As attacks become increasingly sophisticated, even browsing trusted websites and clicking on links in emails have the potential to cause significant damage and compromise devices. With more than one billion websites on the Internet and over 100,000 websites created daily, the risk from vulnerable sites is multiplying.

In total, Menlo Security scanned more than 1.75 million URLs representing over 750,000 unique domains. Key findings include:

  • More than one in 20 sites (6 percent) were identified by third-party domain classification services as serving malware, spam or botnets.
  • Over one in five (21 percent) sites were running software with known vulnerabilities.
  • Sites in categories that are typically “trusted” – including Computers and Technology, Business, and Shopping – were the top three sources of vulnerable sites.
  • Of the 2.5 percent of sites that were “uncategorized,” a significant proportion (16 percent) was running vulnerable software.

“Respected and trusted websites like Forbes.com and jamieoliver.com have been used to deliver zero-day malware to unsuspecting visitors. These kinds of attacks are happening with increasing frequency because so many sites are running vulnerable software but are routinely classified as ‘safe’,” said Kowsik Guruswamy, CTO of Menlo Security. “The current generation of security tools is falling behind in the race to stop attacks. Today’s security challenges call for an entirely new approach to preventing malware from infecting users’ systems.”

To read Menlo Security’s State of the Web 2015: Vulnerability Report visit: menlosecurity.com/resources/Vulnerability_Report_Mar_2015.html

About Menlo Security

Menlo Security, a stealth cyber security startup, is eliminating the threat of advanced malware by introducing a new security model. The company’s solution is currently used by some of the world’s largest enterprises. Menlo Security was founded by experienced security executives from Check Point Software and Juniper Networks, in collaboration with renowned academics from the University of California, Berkeley. Backed by General Catalyst Partners and Osage University Partners, Menlo Security is headquartered in Menlo Park, California. Visit www.menlosecurity.com.

This news release was sourced from:

ICANN: DNS Security, Stability, and Resiliency Update Added to APWG eCrime 2013 Agenda

The Antiphishing Working Group (APWG) will host its 10th anniversary meeting 16-19 September in San Francisco. The working agenda for eCrime 2013 continues a trend of focusing greater attention on abuses or misuses of DNS and registration services. During the two-day eCrime Congress, members and attendees will consider the evolution of crimeware, behavioral vulnerabilities and human factors that facilitate eCrime, the roles of Registrars, Registries and DNS in managing phishing attacks, public health approaches to managing eCrime, and reports of current counter-eCrime efforts and successes.

On 19 September, ICANN‘s Security Team will host a DNS Security, Stability, and Resiliency Update on policies and discussion topics of particular interest to the APWG members, including a review of the 2013 Registration Accreditation Agreement (RAA), a presentation on Abuse Recidivism in Domain Registrations, a report on the recommendations [PDF, 92 KB] from the ICANN Expert Working Group on Whois, and a progress report on the IETF working group that is developing a successor Whois protocol (WEIRDS).

Registration and further information can be found here.

This ICANN announcement was sourced from:

CIRA Moves Towards DNSSEC With Paper on Proposal For Way Forward

[news release] Today, the Canadian Internet Registration Authority (CIRA) took a critical step in making the Internet more secure for Canadians. As part of CIRA’s planned implementation of Domain Name System Security Extensions (DNSSEC), CIRA released a DNSSEC Practice Statement (DPS) describing how it will provide this service to the Canadian Internet community.

The DPS provides an operational outline of all the details on how CIRA plans to develop, maintain and manage DNSSEC deployment. CIRA is inviting comments on its DPS. Interested parties can send their feedback on the DPS to cira_dnssec@cira.ca.

“CIRA is committed to providing Canadian Internet users with a safe, secure and trusted online experience,” said CIRA’s President and CEO Byron Holland. “DNSSEC is the next logical step in securing DNS services and protecting Canadians online.”

DNSSEC is an important set of extensions that provide an extra layer of security to the domain name system (DNS), the system the Internet uses to translate the domain name in a commonly used URL into its numerical Internet protocol address.

In addition to the DPS, CIRA also launched an online knowledge centre dedicated to DNSSEC, available at cira.ca/knowledge-centre/technology/dnssec. The knowledge centre includes resources for Canadians to learn about why DNSSEC is important and how CIRA plans to implement it.

At its core, DNSSEC is a set of Internet Engineering Task Force (IETF) specifications for adding origin authentication and data integrity to the DNS, implemented by introducing public key cryptography into the DNS hierarchy. The result is that end users can trust that the DNS answers they receive are the ones the zone’s operator actually published.

This CIRA news release was sourced from:


ICANN Board Votes to Defer .XXX, Appeases Trademark Holders, in Nairobi Meeting

ICANN concluded its week-long meeting in Nairobi on Friday 12 March with a number of notable and controversial decisions. At the board meeting, the traditional final event of its meetings held three times per year around the world, the board voted to defer a decision on the .XXX Top Level Domain and to scrap the Expressions of Interest proposal for new generic TLD applicants. However, it did vote to create a Trademark Clearinghouse and a Uniform Rapid Suspension System to protect trademark holders’ rights in new gTLDs. The decisions from the ICANN board were given a poor mark by Milton Mueller writing on the Internet Governance blog.

The proposal for the .XXX TLD, for adult websites, has been resurrected following an independent review that was concluded in February. The review found the decision to reject .XXX was unfair and should be reconsidered. The .XXX proposal has been hanging around ICANN for some years now, having first been approved in 2005 and then rejected two years later.

Then in 2008 ICM Registry, the .XXX applicant, filed a complaint with the Independent Review Panel (IRT). The IRT, independent of ICANN but recognised in its bylaws, concluded in its report that the decision to reject .XXX was unfair and should be reconsidered.

At the board meeting on Friday the board directed ICANN’s CEO and general counsel to finalise a report of possible process options for further consideration. This report is to be made available with options for public comment within 14 days to enable the community to provide input on the board processes.

The report will be posted for public comment and then further consideration by the board at its 38th meeting in Brussels in late June.

Expressions of Interest Process for New gTLDs
The ICANN board, in a surprise decision to many, decided to cancel the idea of calling for Expressions of Interest (EoI) for new generic Top Level Domains. It was expected ICANN would call for EoIs to gauge support for new gTLDs. This followed the call for ICANN staff to present options for the potential impact of such a process at the previous meeting in Seoul, South Korea, in December 2009.

ICANN decided that the potential benefits of proceeding with an EoI were outweighed by the costs of potential delay to the new gTLD programme.

Commenting on the decision, Rod Beckstrom, ICANN’s CEO and president, said the EoI process would have “added another step, another process, another set of community discussions and debate.”

The implementation process for new gTLDs is taking much longer than anticipated with dates for when ICANN expected to be taking applications being pushed back several times. This has created problems for would-be applicants.

Also on new gTLDs, the board decided that there will be no co-ownership of registries and those acting as registrars for any new gTLD.

Trademark Clearinghouse and Uniform Rapid Suspension System
In another development linked to new gTLDs, ICANN has agreed to establish a Trademark Clearinghouse and a Uniform Rapid Suspension System. The Trademark Clearinghouse is to be a means of protecting the rights of trademark holders in any new gTLDs that are created while the Uniform Rapid Suspension System is to be the process for suspending domain name registrations considered to be trademark abuses in new gTLDs.

“In forming this trademark clearinghouse, we’ve listened to our community about providing trademark protection,” said Peter Dengate Thrush, ICANN’s Chairman of the Board. “We’ve also adopted an extremely rapid process by which people or organisations can challenge trademark infringement.”

The board has asked for final versions to be developed for inclusion in version four of the Draft Applicant Guidebook.

Internationalised Domain Names and gTLDs
ICANN is backing away from the rule that any new gTLD string has to be at least three characters, voting in its board meeting to reconsider the requirement following public comment that this would limit the utility of Internationalised Domain Names (IDN) gTLDs in some regions of the world. A revised policy is expected in the next draft (version four) of the Draft Applicant Guidebook.

DNS Security
Earlier in the week at the meeting, ICANN’s CEO and president, Rod Beckstrom, made some controversial comments on DNS security.

“The domain name system is under attack today as it has never been before. I have personally consulted with over 20 CEOs of the top registries and the top registrars globally, all of whom are seeing increasing attacks and complexity of attacks and who are extremely concerned,” Beckstrom said.

However, Chris Disspain, chairman of the Country Code Names Supporting Organisation (ccNSO) council, was none too impressed. Disspain called Beckstrom’s comments “inflammatory”, saying:
“Your inflammatory comments to governmental representatives regarding – in your view – the precarious state of the security of the DNS, have the potential to undermine the effective and productive relationships established under ICANN’s multi-stakeholder model.

“This could cause great concern among governments regarding how elements of critical internet resources are operated and managed in their countries.

“We suggest that ICANN work with all relevant internal and external stakeholders to develop a clear analysis of the current mechanisms in place to ensure the ongoing security of the DNS. As a first step, we urge you to share with us and other stakeholders the underlying facts or studies that originally led you to make your statements.”

An interview with Rod Beckstrom on the board decisions is available from:

Writing on the Internet Governance blog, Milton Mueller says he would give ICANN “an A for effort. But on substance? Give them an F. On the .xxx issue, the Board chose to ignore its independent review panel and refused to rectify what was officially determined to be unfair and discriminatory treatment. On the vertical integration issue, it issued a needlessly biased and poorly worded resolution that was an attempt to clarify things but probably did the opposite. True to form, the board devoted most of its attention to bending over backwards to accommodate trademark interests at the expense of market diversity, as most of the resolutions passed refer to various aspects of how to protect trademark owners from the horrifying prospect of letting people register names under new TLDs. And in response to complaints that it had set the fee bar for new gTLDs too high, the Board issued a vague instruction to its Advisory Committees and Supporting Organizations ‘develop a sustainable approach to providing support to applicants requiring assistance in applying for and operating new gTLDs.'”

For more of Milton Mueller’s analysis of the outcomes of the ICANN meeting in Nairobi, check out: