DNS Outages: The Challenges of Operating Critical Infrastructure

April 15, 2014 • By Danny McPherson • Security

Recent attacks targeting enterprise websites have created greater awareness around how critical DNS is for the reliability of internet services and the potentially catastrophic impact of a DNS outage. The DNS, made up of a complex system of root and lower level name servers, translates user-friendly domain names to numerical IP addresses. With few exceptions, DNS lives in a grey area between IT and network operations. With the increasing occurrences of distributed denial of service (DDoS) attacks, advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing, enterprises can no longer take a passive role in managing their DNS internet infrastructure.

(more…)

Proceedings of Name Collisions Workshop Available

March 26, 2014 • By Burt Kaliski • Security

Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site, namecollisions.net.

The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.” The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue. I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of internet naming for many days to come.

(more…)

Joining Forces to Advance Protection Against the Growing Diversity of DDoS Attacks

March 17, 2014 • By Verisign • DDoS Protection, Security

You may have seen the news this morning that we have joined forces with Juniper Networks to provide a comprehensive, always on, DDoS solution. At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what’s used today, to help ensure faster and more efficient detection and mitigation.

(more…)

Jeff Schmidt to Present Name Collision Management Framework at Research Workshop

March 4, 2014 • By Burt Kaliski • Security

I’m delighted to announce that the name collisions workshop this weekend will include Jeff Schmidt, CEO of JAS Global Advisors, presenting the Name Collision Occurrence Management Framework that his firm just released for public review.

Jeff’s presentation is one of several on the program announced by the program committee for the Workshop and Prize on Root Causes and Mitigations of Name Collisions (WPNC).

(more…)

Uncontrolled Interruption? Dozens of “Blocked” Domains in New gTLDs Actually Delegated

February 26, 2014 • By Burt Kaliski • Security

The Mitigating the Risk of DNS Namespace Collisions report, just published by JAS Global Advisors, under contract to ICANN, centers on the technique of “controlled interruption,” initially described in a public preview shared by Jeff Schmidt last month.

With that technique, domain names that are currently on one of ICANN’s second-level domain (SLD) block lists can be registered and delegated for regular use, provided that they first go through a trial period where they’re mapped to a designated “test” address. The staged introduction of new SLDs is intended to provide operators of installed systems the opportunity to assess the potential impact of an impending name collision on their own, before any external operators have an opportunity to exploit it.

(more…)

Keynote Speaker for Name Collisions Workshop: Bruce Schneier

February 20, 2014 • By Burt Kaliski • Security

There may still be a few security practitioners working in the field who didn’t have a copy of Bruce Schneier’s Applied Cryptography on their bookshelf the day they started their careers. Bruce’s practical guide to cryptographic algorithms, key management techniques and security protocols, first published in 1993, was a landmark volume for the newly emerging field, and has been a reference to developers ever since.

Beyond just the popularity of the book, Bruce has also been widely recognized over the past two decades for his insightful commentary on the security issues of the day, featured on his monthly Crypto-Gram newsletter, his blog, “Schneier on Security,” 11 more books including the newly published Carry On, as well as numerous essays, op-eds and interviews.

It’s a genuine privilege therefore that Bruce will be keynoting the upcoming Name Collisions Workshop, to be held on March 8-10, in London.

(more…)

Colloquium on Collisions: Expert Panelists to Select Papers, Award $50K First Prize

February 4, 2014 • By Burt Kaliski • Security

According to the Online Etymology Dictionary, the verb collide is derived from the Latin verb collidere, which means, literally, “to strike together”: com- “together” + lædere “to strike, injure by striking.”

Combined instead with loquium, or “speaking,” the com- prefix produces the Latin-derived noun colloquy: “a speaking together.”

Researchers and practitioners know well the benefits of the colloquium, the technical conference, a gathering of those speaking together on a topic.

So consider WPNC 14 – the upcoming namecollisions.net workshop – a colloquium on collisions: speaking together to keep name spaces from striking together.

(more…)

Collisions Ahead: Look Both Ways before Crossing

January 23, 2014 • By Burt Kaliski • Security

Many years ago on my first trip to London, I encountered for the first time signs that warned pedestrians that vehicles might be approaching in a different direction than they were accustomed to in their home countries, given the left-versus-right-side driving patterns around the world. (I wrote a while back about one notable change from left-to-right, the Swedish “H Day,” as a comment on the IPv6 transition.)

If you’re not sure on which side to expect the vehicles, it’s better to look both ways — and look again — if you want to reduce the risk of a collision.

(more…)

Pioneering Technologies for the Long Term

November 26, 2013 • By Burt Kaliski • Security

We recently hosted Dr. Ralph Merkle as a guest speaker for the Verisign Labs Distinguished Speaker Series. His talk, “Quantum Computers and Public-Key Cryptosystems,” was a great presentation on how molecular nanotechnology — the ability to economically manufacture most arrangements of atoms permitted by physical law — could fundamentally alter the world as we know it. Ralph’s and many others’ research on this topic has been groundbreaking and we are grateful he took the time to come and share his knowledge.

(more…)

Part 4 of 4 – Conclusion: SLD Blocking Is Too Risky without TLD Rollback

November 20, 2013 • By Burt Kaliski • Security

ICANN’s second-level domain (SLD) blocking proposal includes a provision that a party may demonstrate that an SLD not in the initial sample set could cause “severe harm,” and that SLD can potentially be blocked for a certain period of time. The extent to which that provision would need to be exercised remains to be determined. However, given the concerns outlined in Part 2 and Part 3 of this series, it seems likely that there could be many additions (and deletions!) from the blocked list given the lack of correlation between the DITL data and actual at-risk queries.

(more…)

Browsing Category

Security