Tag Archives: Security

Verisign Says New gTLD Rollout Not Ready To Proceed

Verisign has submitted a report to ICANN outlining a number of areas of “work that is currently not done, and should be completed before any new gTLDs can be deployed in a safe and secure manner.”

The report, “New gTLD Security and Stability Considerations”, focusses on “Root Server System implications, Operational Readiness for gTLD Registries, and Risks of Name Collisions on the Internet”, all of which Verisign note “will potentially have a considerable impact on the security and consumption of new gTLDs, as well as on the broader existing DNS ecosystem.”

Verisign says that the stewards of the internet have tended to proceed with “relative caution when evolving the DNS. However, without proper precautions, processes, and safeguards being in place and fully specified, the advent of a multitude of new generic Top Level Domains (gTLDs) to the DNS root zone may give rise to security and stability issues.”

And while the introduction of new gTLDs has been planned for several years, Verisign say “at the precipice of these new additions, many details, processes, questions, and concerns remain unaddressed. In this report, we outline many of the missing elements and some of the possible ramifications that could result from deploying new gTLDs, and the effects that could be felt throughout the Internet if proper caution is not exercised.”

The goal of the report, the authors note, “is to catalogue many of the issues Verisign is currently facing related to new gTLDs and the surrounding processes, specifically from the perspective of a large registry and Internet infrastructure operator. Additionally, the aim is to raise the awareness of the various elements and subtleties of the rollout process, as well as the seriousness of issues that could prove to have significant consequences and perhaps even destabilise global operations of the DNS if not given due consideration.”

The ten page report is available for download from www.verisigninc.com/assets/gtld-ssr-v2.1-final.pdf.

ICANN’s FY 14 Security, Stability and Resiliency Framework

In advance of the Beijing meeting, ICANN is publishing the Security, Stability and Resiliency Framework for the 2014 Fiscal Year. This is an annual document, referenced in the Affirmation of Commitments. Community input is welcomed on ICANN’s role in the ecosystem and priorities for the upcoming FY 14 in promoting a healthy, stable and resilient unique identifier system.

The new framework builds from the adoption of the SSR Review Team Final Report and recommendation by the ICANN Board of Directors in October 2012, and environmental developments since the previous Framework was published in June 2012.

Comments on the FY 14 Security, Stability and Resiliency Framework [PDF, 5.93 MB] are encouraged and may be sent to comments-ssr-fy14-06mar13@icann.org through 20 April 2013 (with a reply comment period open from 21 April to 20 May 2013, 23:59 UTC).

Further community consultations will occur at the upcoming ICANN meeting in Beijing and between March and May 2013.

Public Comment Box Link: www.icann.org/en/news/public-comment/ssr-fy14-06mar13-en.htm

This ICANN announcement was sourced from:

Microsoft Launches ccTLD Registry Security Assessment Service

Microsoft have announced the launch of their new Country Code Top-Level Domain (ccTLD) Registry Security Assessment Service to help registry operators find and fix security vulnerabilities before they are exploited. The service is available now and is being made available at no charge to registry operators.

The announcement of the new service by Microsoft Security Staff is republished below:

Microsoft Offers Security Assessment Service for Country-Code Top-Level Domain Registries (ccTLD)

The exploitation of vulnerabilities specific to country-code top-level domain (ccTLD) registries has become an increasingly common problem, especially in relatively small markets around the world. A ccTLD is an internet domain registry generally used or reserved for a country, a sovereign state, or a dependent territory, such as .co.uk (for United Kingdom) or .fr (for France). This allows web sites to be associated with their specific country, territory or geographic location and it provides the foundation for internet experiences by ensuring people using the internet reach the services they expect. Today, over 300 country-code top-level domain name registries are responsible for servicing hundreds of millions of domain names worldwide.

Attacks on ccTLDs have far-reaching effects on private individuals, large and small companies, non-profits, and government organizations. Individuals attempting to reach certain web services may be redirected to inappropriate content where their computers can become infected by malware, putting their personal information at risk. Additionally, it is difficult for people to determine whether the problem is with the ccTLD or the organization that runs the service they are trying to reach. This often results in an erosion of confidence in online service providers when, in fact, they had nothing to do with the incident.

Today, at the information security RSA Conference in San Francisco, Scott Charney, Microsoft’s corporate vice president for Trustworthy Computing, announced during his keynote the availability of our new Microsoft Country-Code Top-Level Domain (ccTLD) Registry Security Assessment Service to help registry operators find and fix security vulnerabilities before they are exploited. The service is available now and is being made available at no charge to registry operators.

The Online Services Security and Compliance team (OSSC) that I lead is responsible for securing Microsoft’s cloud infrastructure and data centers that host over 200 cloud services for more than one billion customers, over 20 million businesses and 76 markets worldwide. We are pleased to be able to provide this service to the greater online community and share many of the lessons we have experienced in our own environment.

Microsoft’s History of Support for Country-Code Top-Level Domain Registries

The OSSC team works closely with industry groups such as the Internet Corporation for Assigned Names and Numbers (ICANN) that manages market domain name registries. Many of the companies that manage ccTLD registries are small organizations that may lack the resources to protect themselves from the constant onslaught of attacks. In the past three months, we observed several domain registry attacks that have occurred worldwide. Like the rest of the online community, Microsoft has also had to defend our web services against these types of attacks.

Microsoft has been working with industry peers to support and urge ccTLD operators to adopt important security practices. We have also participated in efforts to work with the ICANN community to provide more oversight in ensuring members adopt these practices. While both of these steps are positive for the industry, our new service is an effort to provide more support.

Microsoft’s Country-Code Top-Level Domain (ccTLD) Registry Security Assessment Service

Microsoft’s ccTLD Registry Security Assessment service is based on an existing internal program that we use to better protect our own web and online services. It provides scanning and reporting of security vulnerabilities of a ccTLD’s externally-facing web applications and servers. After requesting the security assessment service, ccTLDs will receive a vulnerability assessment report. If vulnerabilities are discovered, Microsoft will provide a consultation with guidance on how to remediate the problems. We will also provide periodic re-scanning to help ccTLDs continue to protect their domain registry services on an ongoing basis. Microsoft will also offer free secure development guidance and operations best practices that we employ in Microsoft’s own cloud environment.

The service is available to any top-level domain registries, including country-code top-level domain (ccTLD), generic top-level domain (gTLD) and sponsored top-level domain (sTLD).

How ccTLD Operators Can Receive the Service

If you own a domain registry and are seeking a solution to help identify vulnerabilities and receive guidance that may help to improve the security of your service, please visit: http://technet.microsoft.com/en-us/security/jj992598 to schedule an assessment.

Through programs and initiatives like these, we hope to help create a safer, more trusted online experience for everyone and support a dynamic environment for increasing the dialogue and sharing of best practices within our industry.

Pete Boden
General Manager
Online Services Security & Compliance

This announcement by Microsoft Security Staff was sourced from:

SophosLabs Finds .EU Domains Exploited Through Blackhole Exploit Kit

Recently there has been a spate of .EU domain name registration abuse, SophosLabs have claimed on their Naked Security blog.

In their blog posting, SophosLabs claim that “numerous malicious .eu domains have been registered during November which are being used to infect PCs with malware via the Blackhole exploit kit.” Examples given of the exploit are:


All of the domains resolve to the same IP address, a server located in the Czech Republic, and are short-lived – the names only resolve to the target server for a brief period before the attackers move on to the next.

SophosLabs note this type of tactic is pretty common, used by many threats in their attempts to evade security filtering.

But it is unusual for .eu domains to be abused as normally it is TLDs.

Having dug a little further into the WHOIS information for these registrations, SophosLabs made some interesting observations. One is a Finnish connection based on the registrant details provided.

Going back a few months, SophosLabs found the same pattern for a number of .in (India) domains, and when active, the .IN domains resolved to the very same IP address as the .eu domains!

For further information, check out the SophosLabs Naked Security blog posting at nakedsecurity.sophos.com/2012/11/22/eu-blackhole-exploit-kit/

There is also an IDG report with additional information, titled “Cybercriminals are increasingly abusing .eu domains in attacks”.

Australian Internet Governance Forum To Help Shape Local Internet

An Internet Governance Forum is coming to the Australian capital of Canberra in October with the goal of bringing government, industry and community members together in an open, apolitical forum, to discuss Internet-related policy issues, exchange ideas and best practices, and help shape the future of the internet in Australia.

Hot topics for the inaugural auIGF down under include security, the IGF landscape, openness, privacy and access and digital inclusion. The latter is an issue in Australia due to the difficulty in getting remote and regional communities online and engaged, as well as people of lower socio-economic backgrounds along with people with disabilities.

There will also be a number of interactive, community-led workshops, investigating specific internet policy issues in greater depth.

“The Internet was built with a spirit of openness, collaboration and accessibility”, said Chris Disspain, CEO of .au Domain Administration Ltd (auDA) in a statement. “In establishing the auIGF, we aim to embrace these principles and provide a mechanism to ensure Australians have a prominent and well-informed voice in Internet discussions.”

Speakers lined up come from both Australia and New Zealand and include representatives from Facebook, Google and the Australian Privacy Commissioner.

The auIGF is coordinated by a number of prominent industry stakeholders, including auDA, the Internet Industry Association (IIA), the Australian Communication Consumer Action Network (ACCAN), the Australian chapter of the Internet Society (ISOC-AU) and the Asia-Pacific Network Information Centre (APNIC). It also has the support of the Department of Broadband, Communications and the Digital Economy (DBCDE) and corporate partners including Google, Facebook, AusRegistry and Maddocks.

“The collaborative nature, timing and agenda of this forum is strongly supported by the IIA”, said Peter Lee, CEO of IIA. “Given the significant focus on issues such as security, privacy and convergence in a digital world, it’s important to facilitate open discussion of those issues with all stakeholders.”

“Access to the Internet is essential for participation in today’s society across a range of areas including employment, community, education and access to services”, noted ACCAN CEO, Teresa Corbin. “The auIGF will be an excellent opportunity to share experiences and strategies aimed to promote digital inclusion, to ensure that everyone reaps the benefits of a connected society.”

“Given the importance of the Internet to the Australian economy, forums such as the auIGF are vital in facilitating policy discussions that promote the continued expansion and innovation of the Internet”, added Adrian Kinderis, CEO of AusRegistry. “The open, participatory, multi-stakeholder model has made the Internet a successful driver of social and economic growth and this is set to continue in Australia under the guidance of the auIGF.”

The outcomes of the auIGF will help influence domestic policy and decision-making and will be fed into international policy processes including the UN’s World Conference on International Telecommunications and the 2012 IGF in Baku, Azerbaijan.

“The IGF format has proven to be influential in global decision-making – both as a reference point and a repository of essential information that should be considered in policy-making processes” said Paul Wilson, Director-General of APNIC. “I invite all stakeholders to show their support for this model, both through the auIGF and other national and regional initiatives that will feed into the global dialogue.”

For more information or to register ($50 per person) for the auIGF, check out the website at igf.org.au.

ICANN’s FY 13 Security, Stability and Resiliency Framework

Purpose (Brief): ICANN is publishing its FY 13 Security, Stability & Resiliency Framework for community review. The Framework is an annual document, published in connection with ICANN’s fiscal year calendar. The Framework describes ICANN’s role in the ecosystem and operational priorities in security, stability and resiliency of the Internet’s unique identifiers.

Public Comment Box Link: www.icann.org/en/news/public-comment/ssr-fy13-01jun12-en.htm

This ICANN announcement was sourced from:

ICANN: Security, Stability & Resiliency of the DNS Review Team (SSR RT) Public Webinars on Draft Report

On 15 March 2012, the Security, Stability & Resiliency of the DNS Review Team (SSR RT), constituted under the Affirmation of Commitments (AoC), published its Draft Report and Recommendations [PDF, 2 MB] for public comment to inform their work in producing a Final Report.

Translations of the report are available:

Consistent with its initial announcement, the SSR Review Team now invites the Community to participate in a public webinar with a view to presenting its draft report and recommendations and soliciting the Community’s feedback on its findings and conclusions.

The public webinar will take place on Friday, 11 May 2012. Two sessions will be scheduled to accommodate different timezones i.e. at 11:00 UTC and 19:00 UTC. The sessions are expected to last 60 minutes. They are duplicates and will be conducted in English only. The meeting will be run in an Adobe Connect room with a slide presentation along with a dial-in conference bridge for audio.

Participants will have the opportunity to ask questions at the end of each session. During the course of the webinar, questions may be submitted using the chat function of Adobe Connect. If you are not able to participate in either of the live sessions, the recording of the session will be made available shortly after the meeting. Staff is always available to answer any questions that you email to alice.jansen@icann.org.

In order to participate, please RSVP via email to alice.jansen@icann.org by Thursday, 10 May – 23:59 UTC to receive the call details. Please indicate which call you would like to join, Friday at 11.00 UTC or Friday at 19.00 UTC (to convert those times into your local time, see: www.timeanddate.com/worldclock/fixedform.html). We will send you an e-mail reminder before the event with log-in and dial-in details. Please DO NOT RSVP to any other ICANN staff member’s e-mail address.

For more information on the Security, Stability & Resiliency of the DNS Review Team (SSR RT), please refer to: www.icann.org/en/about/aoc-review/ssr

This ICANN announcement was sourced from:

Negotiating a New Governance Hierarchy: An Analysis of the Conflicting Incentives to Secure Internet Routing by Brenden Kuerbis & Milton Mueller [Communications and Strategies]

Abstract: New security technologies are never neutral in their impact; it is known that they can alter power relations and economic dependencies among stakeholders. This article examines the attempt to introduce the Resource Public Key Infrastructure (RPKI) to the Internet to help improve routing security, and identifies incentives various actors have towards RPKI implementation.

We argue that RPKI requires ISPs to achieve security at the expense of autonomy, requires all actors to trade off simplified global compatibility and centralization of power, and affects the policies and business models of the Regional Internet Registries and their relationship to ICANN.

While the Internet remains a space where authority is highly distributed, elements of hierarchy do exist, especially around critical resource allocation, and it is likely that security and other concerns will lead to continuing efforts to leverage those hierarchies into more powerful governance arrangements.

To download this paper by Brenden Kuerbis & Milton Mueller, originally published in Communications and Strategies, in full, see:

ICANN: 2011 Workshop on DNS Health & Security to be held in Rome

GCSEC, in cooperation with ICANN and DNS-OARC, announces the 2011 Workshop on DNS Health and Security (DNS-EASY 2011) will be held in Rome, Italy, 18-19 October 2011.

The DNS-EASY workshop will gather researchers and professionals from academia, industry and governmental agencies. Representatives from major DNS ecosystem stakeholder groups – technical development, network operators, enterprise users, and security experts – will participate as well, to discuss the health and security of the Domain Name System and how the current state of the DNS affects modern society.

The DNS EASY 2011 Workshop will convene in conjunction with the 3rd Global Annual Symposium on DNS Security, Stability and Resiliency and the first Workshop on DNS Health and Security. The timing of the workshop should permit those from the community planning to attend the ICANN meeting in Dakar, Senegal to transit through Rome prior to departing for Dakar later in the week.

Following the tradition of the 2009 and 2010 edition of the Global Annual Symposium on DNS-SSR, the workshop is organized in two parts. The first, for open attendance, showcases accepted, refereed papers and invited guest speakers. The second, the Global Annual Symposium on DNS-SSR is an invitation-only event. Invited participants from across the DNS ecosystem will discuss operational and policy open issues and challenges related to the DNS health and security. Members of the community who are interested in participating should visit the website for acceptance criteria and related invitation information.

Research topics and paper submission instructions can be found here: www.gcsec.org/workshop/dnseasy2011/call-for-paper

For more information and registration visit the workshop web site dnseasy.gcsec.org/ or contact directly: dns-easy2011@gcsec.org

Information on the two previous Global DNS SSR Symposiums held at Georgia Tech University in 2009 and Kyoto University in 2010 can be found at www.icann.org/en/topics/ssr/dns-ssr-symposium-report-1-3feb10-en.pdf [PDF, 6.08 MB] and www.gtisc.gatech.edu/pdf/DNS_SSR_Symposium_Summary_Report.pdf [PDF, 502 KB].

This ICANN announcement was sourced from:

ICANN, Swiss Registry, Others Improve Security For Internet Users

A collaboration between ICANN, the Swiss domain name registry SWITCH, Packet Clearing House, Infocomm Development Authority of Singapore (IDA) and the National University of Singapore (NUS) joined together last week at the ICANN meeting in Singapore to inaugurate the first of three hardened facilities to bring about extra security for global internet users.

The new facility will provide secure digital signatures for the country-code top level domains of dozens of countries. The first three new facilities are located in Singapore; Zurich (still under construction) and San Jose, California. The facilities provide cryptographic security using the recently deployed Domain Name System Security (DNSSEC) protocol.

“One of ICANN’s core missions is to enhance the security and stability of the Internet’s Domain Name System. This new DNSSEC facility in Singapore helps us do just that,” said Rod Beckstrom, President and Chief Executive Officer of ICANN.

“The bottom line is that this centre and the two others like it will give billions of internet users the confidence to know that they have ended up at the web site they intended to reach, reducing the risk that they have been misdirected to a different site by cyber criminals.”

The implementation of a more secure internet will bring about more than just giving internet users more trust. It will see, for example, web browsers and email gain an additional level of security. On trust, it will mean much more confidence for internet users when they interact online.

“Businesspeople, governments, and regular Internet users have been demanding secure domain names for more than ten years, and I’m really happy to have finally built a system that delivers that, and delivers it globally, to any country that wants it, at no cost,” said Packet Clearing House’s research director, Bill Woodcock. “DNSSEC was an obvious next step for our global anycast DNS service network, since we already provide service to more than eighty countries.”

The Swiss registry, like the other three locations, was selected because Switzerland is viewed as a stable and secure country. Additionally, Switzerland and Singapore benefited from their history of neutrality.

Simon Leinen, network engineer at SWITCH, is delighted that PCH has selected Zurich as a server location. “The decision in favour of Zurich is based on the excellent, longstanding cooperation between PCH and SWITCH. PCH has been running a number of the name servers responsible for .ch and .li throughout the world.”

The locations are spread out geographically in case of a disaster. A diverse selection of countries was chosen in case of one country not necessarily trusting one of those chosen.

Mr Leong Keng Thai, Deputy Chief-Executive and Director-General of Telecoms & Post, IDA, said, “We are honoured that PCH, with the support of ICANN, has decided to host the Asia node of the DNSSEC platform here in Singapore. The facility will assist other countries to secure their DNS, and its location here further affirms Singapore as a secure and trusted hub.”

Since its standardisation by the Internet Engineering Task Force (IETF), the DNSSEC protocol has been adopted by many top-level domains (TLDs) to form a secure chain of trust within the domain name system.

So far this year, several major TLDs, including the German ccTLD .DE, as well as .COM and .NET have already secured their own domains by generating cryptographic keys, which are used in the DNSSEC system to electronically “sign” the domains, authenticating them to the internet users who access the web sites, email, and other internet resources the signed domains contain.

Although people browsing the internet often take it for granted that the sites they visit are created and operated by their purported owners, it is possible for criminals with knowledge of the internet’s addressing system to create counterfeit websites that look like the real thing but capture users’ private information. DNSSEC guards against this cyber threat.

PCH’s DNSSEC facilities will allow many additional countries to immediately gain the benefits of DNSSEC protection for their country code TLDs without needing to build and maintain their own million-dollar security facilities. During an elaborate “key-signing” ceremony on the opening day of the ICANN meeting (Monday 20 June), cryptographic master keys were created for Tanzania, Uganda, Afghanistan, and ten other countries that have already chosen to use the system.

For more information see a New York Times article that interviews, in part, internet security researcher Dan Kaminsky at www.nytimes.com/2011/06/25/science/25trust.html.

An ICANN news release of the announcement is available at www.icann.org/en/news/releases/release-22jun11-en.pdf.