Verisign: our DNS was not hacked

Verisign today reiterated that the recently revealed 2010 security breaches on its corporate network did not affect its production domain name system services.

In a statement, Verisign said:

After a thorough analysis of the attacks, Verisign stated in 2011, and reaffirms, that we do not believe that the operational integrity of the Domain Name System (DNS) was compromised.

We have a number of security mechanisms deployed in our network to ensure the integrity of the zone files we publish. In 2005, Verisign engineered real-time validation systems that were designed to detect and mitigate both internal and external attacks that might attempt to compromise the integrity of the DNS.

The statement followed several news reports that covered the hacks and speculated about the mayhem that could ensue if Verisign’s root or .com zone systems were ever breached.

The information the company has released so far suggests that the attacks were probably against back-office targets, such as user desktops, rather than its sensitive network operations centers.

New gTLD applications briefly vanish after glitch

A software glitch in ICANN’s TLD Application System was apparently to blame for a number of “disappearing” new generic top-level domain applications today.

At about 4pm UTC today, two Neustar executives tweeted that some applications, among them the company’s own .neustar dot-brand application, had vanished from their TAS accounts.

TAS is the web-based application, presented as a series of questions, which applicants must use to file and pay for their new gTLD applications.

Several other applicants were also believed to be affected.

It took about two hours for ICANN to sort the problem out.

A spokesperson later said: “A display issue occurred in TAS, it has been corrected. All data is now visible & no information was lost.”

It’s the second technical problem to be reported in TAS this week.

On Tuesday, consultant Fairwinds Partners reported that some applicants had problems filling out their TAS profiles, preventing them from completing their applications.

Frankly, I’d be more surprised if this kind of thing didn’t happen.

TAS is brand new custom-built software, and as anyone who’s ever written software will tell you, no amount of testing can substitute for production use when it comes to finding bugs.

Typosquatting is huge but not dangerous, study finds

A study of typosquatted domain names has found that the practice is reaching pandemic levels for the largest brands, but that there’s surprisingly little malware distribution going on.

The security company Sophos surveyed 2,249 domains that were one letter different to the .com sites of Facebook, Google, Twitter, Apple and Microsoft, and found that two thirds resolved.

Not all of those 1,502 sites were malicious typosquats; some were legitimate sites that just happened to have similarly spelled names (such as goole.com and witter.com) Sophos noted.

Apple was the most-squatted company, according to this method: resolving Microsoft typos were at 61%, Twitter at 74%, Facebook at 81%, Google at 83% and Apple at 86%.

Sophos concluded that “there is a significant typosquatting ecosystem around high-profile, often-typed domain names.”

But it did not find as much malware as it was expecting, with only one domain leading to a malware site, 0.07% of the total.

However, 2.7% of the URLs “fell into the loose category of cybercrime”, which “means they are, or have been, associated with hacking, phishing, online fraud or spamming”.

The report, which also fingers parking services from Demand Media, Sedo, Oversee and Bodis as the recipients of 37% of the typo traffic, contains much more data and is well worth a read.

Annoyingly, it appears that Sophos only surveyed .com domains, so the data doesn’t really tell us much about the impact of TLDs (such as .co) on the typosquatting problem.

Go Daddy bans DNS harvesting

Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.

CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:

The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.

Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.

If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.

That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.

Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.

Blocking DNS queries from selected IP addresses draws to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.

In January, the company confirmed, that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in affect for non-paying DomainTools users.

Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.

ICANN steps in front of astrology lawsuit

ICANN has agreed to take over a critical online time zone database, after its original operators were sued for copyright infringement by an astrology software company.

The organization said last night that it will start to manage the Internet Time Zone Database, following the retirement of Arthur David Olson, who has managed it for nearly 30 years at the US National Institutes of Health.

“The Time Zone Database provides an essential service on the Internet and keeping it operational falls within ICANN’s mission of maintaining a stable and dependable Internet,” ICANN COO Akram Atallah said.

While it’s possible that ICANN will face criticism for this apparent case of “mission creep”, the move could actually be pretty good news for new top-level domains applicants.

The tz database is used by countless applications and platforms. It’s baked into Java, PHP, Perl, Python, .NET, PostgreSQL and BSD-derived operating systems including Mac OS X.

If ICANN is able to leverage those relationships, it may be able to increase adoption of its Universal Acceptance of TLDs project, an authoritative database of all live TLDs.

This could help new gTLDs, primarily those longer than three characters, have a smoother ride in terms of compatibility with internet software.

But the real reason for the handover to ICANN at this time appears to be the fact that Olson was sued at the end of September by Astrolabe, a Massachusetts-based provider of astrology software.

Astrolabe claims (pdf) it has copyright on some facts about historical time zone information, and has sued Olson for an injunction and damages

The lawsuit prompted the removal of the FTP site where the database is hosted, and oodles of bad karma for Astrolabe after the suit was reported in The Register.

So has ICANN just risked having its name added to the lawsuit in order to ensure the ongoing stability of the time zone database? Is it taking one for the team? It certainly appears so.

According to Astrolabe’s latest observations:

Conditions are confused and uncertain. Feelings run high. Perceptions are altered, leading to misunderstandings. Imagination, escapism, and gullibility are factors to contend with.

Indeed.