New from Verisign Labs: Measuring the Leakage of Onion at the Root

September 22, 2014 • By Verisign • Security

If you are trying to communicate anonymously on the internet using Tor, this paper may be an important read for you. Anonymity and privacy are at the core of what the Tor project promises its users. Short for The Onion Router, Tor provides individuals with a mechanism to communicate anonymously on the internet. As part of its offerings, Tor provides hidden services, specifically anonymous networking between servers that are configured to receive inbound connections only through Tor. In order to route requests to these hidden services, a namespace is used to identify the resolution requests to such services. Tor uses the .onion namespace under a non-delegated (pseudo) top-level-domain. Although the Tor system was designed to prevent .onion requests from leaking into the global DNS resolution process, numerous requests are still observed in the global DNS, causing concern about the severity of the leakage and the exposure of sensitive private data.

(more…)

Verisign Mitigates 300 Gbps DDoS Attack and Other Q2 2014 DDoS Trends

August 13, 2014 • By Danny McPherson • Security

It has been another busy quarter for the team that works on our DDoS Protection Services here at Verisign. As detailed in the recent release of our Q2 2014 DDoS Trends Report, from April to June of this year, we not only saw a jump in frequency and size of attacks against our customers, we witnessed the largest DDoS attack we’ve ever observed and mitigated – an attack over 300 Gbps against one of our Media and Entertainment customers.

(more…)

New from Verisign Labs – Measuring Privacy Disclosures in URL Query Strings

August 1, 2014 • By Verisign • Security

Have you ever gone to socially share or email a URL and found that it was much longer than you had expected? Take the following contrived URL as an example:

http://www.example.com/path/submit.php?user=userabc&pageid=012345&utm_referrer=rss&localtime=+0500

In your personal experience, as in our example, you might have realized that the URL was as much about you, the client, as it was about the web resource you were trying to access. Indeed, internet addresses may contain a wealth of information about the identities and activities of the users visiting them. URLs often utilize query strings (i.e., key-value pairs appended to the URL path; in our example, everything after the question mark) as a means to pass session parameters and form data. While sometimes benign and necessary to render the web page, query strings often contain tracking mechanisms, user names, email addresses and other information that users may not wish to publicly reveal. In isolation this is not particularly problematic, but the growth of web 2.0 platforms such as social networks and micro-blogging means such URLs are increasingly being publicly broadcast.

(more…)

The Evolving Threat of Amplification DDoS Attacks

June 12, 2014 • By Verisign • DDoS Protection, Security

If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.

An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.

(more…)

Verisign Named to the OTA’s 2014 Online Trust Honor Roll

June 11, 2014 • By Verisign • Security

We are pleased to announce that Verisign has made the 2014 Online Trust Honor Roll for demonstrating exceptional data protection, privacy and security in an effort to better protect our customers and brand from the increased threats of cybercriminals.

(more…)

Almost Half of Companies Lack DDoS Response Plans

June 3, 2014 • By Verisign • DDoS Protection, Security

It’s tempting to see the threat of distributed denial of service (DDoS) as noise in the background of cybersecurity discussions, but don’t be fooled. Any risk to your critical web infrastructure can have a severe impact to your business, and given that the frequency, scale and sophistication of these types of attacks are increasing, the threat is very real.

(more…)

The Real Uneven Playing Field of Name Collisions

May 16, 2014 • By Burt Kaliski • Security

Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.

Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.

(more…)

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

April 23, 2014 • By Verisign • Security

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (api) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

(more…)

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

April 16, 2014 • By Burt Kaliski • Security

Verisign posted preliminary public comments on the “Mitigating the Risk of DNS Namespace Collisions” Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done.

(more…)

DNS Outages: The Challenges of Operating Critical Infrastructure

April 15, 2014 • By Danny McPherson • Security

Recent attacks targeting enterprise websites have created greater awareness around how critical DNS is for the reliability of internet services and the potentially catastrophic impact of a DNS outage. The DNS, made up of a complex system of root and lower level name servers, translates user-friendly domain names to numerical IP addresses. With few exceptions, DNS lives in a grey area between IT and network operations. With the increasing occurrences of distributed denial of service (DDoS) attacks, advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing, enterprises can no longer take a passive role in managing their DNS internet infrastructure.

(more…)

Browsing Category

Security