New from Verisign Labs – Measuring Privacy Disclosures in URL Query Strings

August 1, 2014 • By Verisign • Security

Have you ever gone to socially share or email a URL and found that it was much longer than you had expected? Take the following contrived URL as an example:

http://www.example.com/path/submit.php?user=userabc&pageid=012345&utm_referrer=rss&localtime=+0500

In your personal experience, as in our example, you might have realized that the URL was as much about you, the client, as it was about the web resource you were trying to access. Indeed, internet addresses may contain a wealth of information about the identities and activities of the users visiting them. URLs often utilize query strings (i.e., key-value pairs appended to the URL path; in our example, everything after the question mark) as a means to pass session parameters and form data. While sometimes benign and necessary to render the web page, query strings often contain tracking mechanisms, user names, email addresses and other information that users may not wish to publicly reveal. In isolation this is not particularly problematic, but the growth of web 2.0 platforms such as social networks and micro-blogging means such URLs are increasingly being publicly broadcast.

(more…)

The Evolving Threat of Amplification DDoS Attacks

June 12, 2014 • By Verisign • DDoS Protection, Security

If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.

An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.

(more…)

Verisign Named to the OTA’s 2014 Online Trust Honor Roll

June 11, 2014 • By Verisign • Security

We are pleased to announce that Verisign has made the 2014 Online Trust Honor Roll for demonstrating exceptional data protection, privacy and security in an effort to better protect our customers and brand from the increased threats of cybercriminals.

(more…)

Almost Half of Companies Lack DDoS Response Plans

June 3, 2014 • By Verisign • DDoS Protection, Security

It’s tempting to see the threat of distributed denial of service (DDoS) as noise in the background of cybersecurity discussions, but don’t be fooled. Any risk to your critical web infrastructure can have a severe impact to your business, and given that the frequency, scale and sophistication of these types of attacks are increasing, the threat is very real.

(more…)

The Real Uneven Playing Field of Name Collisions

May 16, 2014 • By Burt Kaliski • Security

Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.

Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.

(more…)

Introducing getdns: a Modern, Extensible, Open Source API for the DNS

April 23, 2014 • By Verisign • Security

Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (api) specification.

At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).

(more…)

Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report

April 16, 2014 • By Burt Kaliski • Security

Verisign posted preliminary public comments on the “Mitigating the Risk of DNS Namespace Collisions” Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done.

(more…)

DNS Outages: The Challenges of Operating Critical Infrastructure

April 15, 2014 • By Danny McPherson • Security

Recent attacks targeting enterprise websites have created greater awareness around how critical DNS is for the reliability of internet services and the potentially catastrophic impact of a DNS outage. The DNS, made up of a complex system of root and lower level name servers, translates user-friendly domain names to numerical IP addresses. With few exceptions, DNS lives in a grey area between IT and network operations. With the increasing occurrences of distributed denial of service (DDoS) attacks, advanced persistent threats (APTs) and exploitation of user errors through techniques such as typosquatting and phishing, enterprises can no longer take a passive role in managing their DNS internet infrastructure.

(more…)

Proceedings of Name Collisions Workshop Available

March 26, 2014 • By Burt Kaliski • Security

Presentations, papers and video recordings from the name collisions workshop held earlier this month in London are now available at the workshop web site, namecollisions.net.

The goal for the workshop, described in my “colloquium on collisions” post, was that researchers and practitioners would “speak together” to keep name spaces from “striking together.” The program committee put together an excellent set of talks toward this purpose, providing a strong, objective technical foundation for dialogue. I’m grateful to the committee, speakers, attendees and organizers for their contributions to a successful two-day event, which I am hopeful will have benefit toward the security and stability of internet naming for many days to come.

(more…)

Joining Forces to Advance Protection Against the Growing Diversity of DDoS Attacks

March 17, 2014 • By Verisign • DDoS Protection, Security

You may have seen the news this morning that we have joined forces with Juniper Networks to provide a comprehensive, always on, DDoS solution. At Verisign, we focus on protecting companies from increasingly complex cyber threats, and this relationship should only raise the bar higher, as it will provide a different, more integrated approach than what’s used today, to help ensure faster and more efficient detection and mitigation.

(more…)

Browsing Category

Security