Latest news of the domain name industry

Recent Posts

Bit-squatting – the latest risk to domain name owners

Kevin Murphy, July 26, 2011, Domain Tech

Forget phishing, forget cybersquatting, forget typosquatting, high-value domain name owners may have a whole new threat to worry about – “bit-squatting”.

This appears to be the conclusion of fascinating new research to be presented by Artem Dinaburg at the Black Hat and DEF CON hacker conferences in Las Vegas next week.

Defective internet hardware, it turns out, may be enabling a whole new category of typosquatting that could prove worrying for companies already prone to domain name abuse.

According to a summary of Dinaburg’s research, RAM chips can sometimes malfunction due to heat or radiation, resulting in “flipped bits”, where a 1 turns into a 0 or vice-versa.

Because the DNS uses ASCII encoding, a query containing a single flipped bit could actually send the user to a completely different domain name to the one they intended to visit.

To test the theory, Dinaburg appears to have registered the typo domain name mic2osoft.com. While it’s not visually confusing or a likely typo, in binary it is only one bit different to microsoft.com.

The ASCII binary code for the digit 2 is 00110010, which is only one bit different to the lower-case letter r, 01110010.

The binary for the string “microsoft” is:

011011010110100101100011011100100110111101110011011011110110011001110100

and the binary encoding for “mic2osoft” is (with the single changed bit highlighted):

011011010110100101100011001100100110111101110011011011110110011001110100

Therefore, if that one bit were to be accidentally flipped by a dodgy chip, the user could find themselves sending data to the bit-squatter’s domain rather than Microsoft’s official home.

I would assume that this is statistically only a concern for very high-traffic domains, and only if the bit-flipping malfunction is quite widespread.

But Dinaburg, who works for the defense contractor Raytheon, seems to think that it’s serious enough to pay attention to. He wrote:

To verify the seriousness of the issue, I bit-squatted several popular domains, and logged all HTTP and DNS traffic. The results were shocking and surprising, ranging from misdirected DNS queries to requests for Windows updates.

I hope to convince the audience that bit-squatting and other attacks enabled by bit-flip errors are practical, serious, and should be addressed by software and hardware vendors.

His conference presentations will also discuss possible hardware and software solutions.

For large companies particularly at risk of typosquatting, the research may also present a good reason to conduct a review of their trademark enforcement strategies.

I’m not going to be in Vegas this year, but I’m looking forward to reading more about Dinaburg’s findings.

The annual Black Hat and DEF CON conferences are frequently the venues where some of the most beautifully creative DNS hacks are first revealed, usually by Dan Kaminsky.

Kaminsky is not discussing DNS this year, judging by the agendas.

The conferences were founded by Jeff Moss, aka The Dark Tangent, who joined ICANN as its chief security officer earlier this year.

Browser makers brush me off on DNSSEC support

Kevin Murphy, July 29, 2010, Domain Tech

A couple of weeks back, I emailed PR folk at Microsoft, Mozilla, Google and Opera, asking if they had any plans to provide native support for DNSSEC in their browsers.

As DNS uber-hacker Dan Kaminsky and ICANN president Rod Beckstrom have been proselytizing this week at the Black Hat conference, support at the application layer is the next step if DNSSEC is to quickly gain widespread traction.

The idea is that one day the ability to validate DNSSEC messages will be supported by browsers in much the same way as SSL certificates are today, maybe by showing the user a green address bar.

CZ.NIC has already created a DNSSEC validator plugin for Firefox that does precisely that, but as far as I can tell there’s no native support for the standard in any browser.

These are the responses I received:

Mozilla: “Our team is heads down right now with Firefox 4 beta releases so unfortunately, I am not going to be able to get you an answer.”

Microsoft:
“At this stage, we’re focusing on the Internet Explorer 9 Platform Preview releases. The platform preview is a developer and designer scoped release of Internet Explorer 9, and is not feature complete, we will have more to share about Internet Explorer 9 in the future.”

Google: No reply.

Opera: No reply.

In 11 years of journalism, Apple’s PR team has never replied to any request for information or comment from me, so I didn’t bother even trying this time around.

But the responses from the other four tell us one of two things:

  • Browser makers haven’t started thinking about DNSSEC yet.

Or…

  • Their PR people were just trying to brush me off.

I sincerely hope it’s the former, otherwise this blog post has no value whatsoever.

ICANN chief to address hackers at Black Hat

Kevin Murphy, July 27, 2010, Domain Tech

Globe-trotting ICANN president Rod Beckstrom is heading to Vegas this week, to participate in a panel discussion on DNS security at the Black Hat conference at Caesar’s Palace.

He’ll be joined by Dan Kaminsky, discoverer of the notorious DNS vulnerability that bears his name, and is expected to sing the praises of the new DNSSEC security standard.

Also on tomorrow’s panel, entitled “Systemic DNS Vulnerabilities and Risk Management” are DNS inventor Paul Mockapetris, VeriSign CTO Ken Silva and NERC CSO Mark Weatherford.

ICANN and VeriSign recently signed the DNS root using DNSSEC standard. The challenge they face now is persuading everybody else in the world to jump on the bandwagon.

It’s likely to be slow going. DNSSEC has more than its fair share of skeptics, and even fierce proponents of the standard sometimes acknowledge that there’s not a heck of a lot in the way of a first mover advantage.

I’ll be interested to see if the subject of a DNS-CERT – a body to coordinate DNS security efforts – is raised either during the panel or the subsequent press conference.

From a policy point of view, DNSSEC is pretty much a done deal, whereas a DNS-CERT is still very much a matter for debate within the ICANN community.

I believe this is the first time ICANN has talked publicly at Black Hat. Beckstrom himself has taken the stage under his previous roles in government, but not as ICANN’s top dog.

Despite its name, Black Hat is a pretty corporate event nowadays. In my experience, the proper black/gray hats show up (or swap their lime green corporate polo shirts for Metallica T-shirts) at the weekend for Def Con, which is usually held at a cheaper venue around the corner.