New from Verisign Labs – Measuring Privacy Disclosures in URL Query Strings
Have you ever gone to socially share or email a URL and found that it was much longer than you had expected? Take the following contrived URL as an example:
http://www.example.com/path/submit.php?user=userabc&pageid=012345&utm_referrer=rss&localtime=+0500
In your personal experience, as in our example, you might have realized that the URL was as much about you, the client, as it was about the web resource you were trying to access. Indeed, internet addresses may contain a wealth of information about the identities and activities of the users visiting them. URLs often utilize query strings (i.e., key-value pairs appended to the URL path; in our example, everything after the question mark) as a means to pass session parameters and form data. While sometimes benign and necessary to render the web page, query strings often contain tracking mechanisms, user names, email addresses and other information that users may not wish to publicly reveal. In isolation this is not particularly problematic, but the growth of web 2.0 platforms such as social networks and micro-blogging means such URLs are increasingly being publicly broadcast.
Solving Challenges of Scale in Data and Language
It would not be too much of an exaggeration to say that the early internet operated on the scale of kilobytes, with all spoken languages represented using a single character encoding – ASCII. Today’s global internet, so fundamental to society and the world’s economy, now enables access to orders of magnitude more information, connecting a speakers of a full spectrum of languages.
The research challenges continue to scale along with data volumes and user diversity.
IANA 2.0: Ensuring ICANN Accountability and Transparency for the Future
The National Telecommunications and Information Administration’s (NTIA) March 14, 2014, announcement proposing the transition of its legacy Internet Assigned Numbers Authority (IANA) stewardship role has presented the Internet Corporation for Assigned Names and Numbers (ICANN) multi-stakeholder community equal amounts of opportunity and responsibility. We have been handed a singular opportunity to define the terms of any stewardship transition and the fundamental responsibility to get it right.
Getting it right means ensuring, through a bottom-up, multi-stakeholder process, the reform of ICANN’s accountability structures to protect the community and the multi-stakeholder model prior to NTIA’s disengagement from its oversight and stewardship role. It also means acting quickly and efficiently so our window of opportunity is not missed.
The Evolving Threat of Amplification DDoS Attacks
If there is one trend in the cybersecurity world over the last 12 to 18 months that cannot be ignored, it is the increasing prevalence and destructive power of amplification-based distributed denial of service (DDoS) attacks.
An amplification attack is a two-part DDoS attack that generally uses the User Datagram Protocol (UDP). An attacker first sends a large number of small requests to unsuspecting third-party servers on the internet. The attacker crafts these requests to result in large responses, but they are otherwise normal except that their source addresses are rewritten (spoofed) so they appear to have come from the victim instead of the attacker. When all the third-party servers send their large responses to the victim, the resulting amount of traffic is much more than the attacker could have generated alone. These attacks often overwhelm the resources of the victim, as attacks in the hundreds of gigabits per second (Gbps) are possible using this method.
Verisign Named to the OTA’s 2014 Online Trust Honor Roll
We are pleased to announce that Verisign has made the 2014 Online Trust Honor Roll for demonstrating exceptional data protection, privacy and security in an effort to better protect our customers and brand from the increased threats of cybercriminals.
Your .com Is Waiting
Thinking of growing your business online? Look no further than .com. It is the most universally recognized, and gold standard, in domain names, which is why 97 percent of the top 100 brands, and 93 percent of Fortune Global 100 companies house their company websites on .com.
Almost Half of Companies Lack DDoS Response Plans
It’s tempting to see the threat of distributed denial of service (DDoS) as noise in the background of cybersecurity discussions, but don’t be fooled. Any risk to your critical web infrastructure can have a severe impact to your business, and given that the frequency, scale and sophistication of these types of attacks are increasing, the threat is very real.
The Real Uneven Playing Field of Name Collisions
Recent comments on the name collisions issue in the new gTLD program raise a question about the differences between established and new gTLDs with respect to name collisions, and whether they’re on an even playing field with one another.
Verisign’s latest public comments on ICANN’s “Mitigating the Risk of DNS Namespace Collisions” Phase One Report, in answering the question, suggest that the playing field the industry should be concerned about is actually in a different place. The following points are excerpted from the comments submitted April 21.
Introducing getdns: a Modern, Extensible, Open Source API for the DNS
Verisign is pleased to announce the public introduction of getdns at The Next Web in Amsterdam (TNWEurope) April 23-24, 2014. Verisign Labs and NLNet Labs in collaboration have developed getdns, an open source implementation of the getdns-api application programming interface (api) specification.
At The Next Web, getdns is one of the challenge APIs in a 36-hour Hack Battle. Multiple teams of application coding experts are using getdns to develop innovative applications that leverage the global security infrastructure available through DNS Security Extensions (DNSSEC).
Verisign’s Preliminary Comments on ICANN’s Name Collisions Phase One Report
Verisign posted preliminary public comments on the “Mitigating the Risk of DNS Namespace Collisions” Phase One Report released by ICANN earlier this month. JAS Global Advisors, authors of the report contracted by ICANN, have done solid work putting together a set of recommendations to address the name collisions problem, which is not an easy one, given the uncertainty for how installed systems actually interact with the global DNS. However, there is still much work to be done.