Recent Posts
- ICANN board seat up for reelection
- Verisign: our DNS was not hacked
- New gTLD applications briefly vanish after glitch
- .sas could be the first contested dot-brand gTLD
- .com passed 100 million mark in October
- Startup America obtains s.co and offers free .co domains to entrepreneurs
- Hackers stole data from Verisign, Blacknight
- .me beating .co in start-ups?
- Moniker and SnapNames join Key-Systems stable
- Exclusive: StarHub confirms dot-brand gTLD bid
- Cybersquatters face jail time in the Philippines
- ICANN advertises new gTLDs on Twitter
- ARI signs up 21 new gTLD clients
- Five amusing Twitter accounts to follow
- Verisign to apply for a dozen new gTLDs
- Manwin files its first cybersquatting complaint
- ICANN tells Congressmen to chillax
- Sedari wins .moscow contract
- Ombudsman dealing with new gTLDs complaint
- One-year .co.uk domains will be more expensive
Verisign: our DNS was not hacked
Verisign today reiterated that the recently revealed 2010 security breaches on its corporate network did not affect its production domain name system services.
In a statement, Verisign said:
After a thorough analysis of the attacks, Verisign stated in 2011, and reaffirms, that we do not believe that the operational integrity of the Domain Name System (DNS) was compromised.
We have a number of security mechanisms deployed in our network to ensure the integrity of the zone files we publish. In 2005, Verisign engineered real-time validation systems that were designed to detect and mitigate both internal and external attacks that might attempt to compromise the integrity of the DNS.
The statement followed several news reports that covered the hacks and speculated about the mayhem that could ensue if Verisign’s root or .com zone systems were ever breached.
The information the company has released so far suggests that the attacks were probably against back-office targets, such as user desktops, rather than its sensitive network operations centers.
Hackers stole data from Verisign, Blacknight
Hackers broke into Verisign’s corporate network and made out with sensitive data, it emerged today.
The attacks happened in 2010 and the company does not believe its all-important domain name infrastructure – which supports .com and several other top-level domains – was compromised.
Reuters broke the news today, but the attack was actually revealed in a Securities and Exchange Commission filing last October. The filing said:
In 2010, the Company faced several successful attacks against its corporate network in which access was gained to information on a small portion of our computers and servers. We have investigated and do not believe these attacks breached the servers that support our Domain Name System (“DNS”) network. Information stored on the compromised corporate systems was exfiltrated.
The filing, which was required under recent SEC disclosure rules, goes on to say that the attacks were “not sufficiently reported to the Company’s management” until September 2011.
It adds that Verisign does not know whether the “exfilitrated” – ie, stolen – data was used by the attackers. The filing does not say what was taken.
Back in 2010, Verisign was still a security company. It did not sell off its SSL business to Symantec until August that year. The filing does not say whether SSL data was breached.
As one of the logical single points of failure on the internet, Verisign is of course the subject of regular attacks, mainly of the performance-degrading distributed denial of service variety.
The bigger worry, as Reuters rather breathlessly notes, is that if hackers could compromise the integrity of the DNS root or .com/.net zones, it could lead to mayhem.
In unrelated news, the domain name registrar Blacknight today revealed that it got hacked on Tuesday.
The attackers may have got away with contact information – including email addresses and telephone numbers – for up to 40,000 customers, the company said.
Financial information such as credit card numbers was not compromised, Blacknight said.
The company has contacted Irish data protection regulators and will also inform the police. Customers are advised to change their passwords.
If you’re a Blacknight customer you’ll also want to be on the lookout for “spear-phishing” attacks in the near future. When the bad guys know your name, it can lead to a more convincing phish.
High-security .bank spec published
BITS, the technology arm of the Financial Services Roundtable, has published a set of specifications for new “high-security” generic top-level domains such as .bank and .pay.
The wide-ranging spec covers 31 items such as registration and acceptable use policies, abusive conduct, law enforcement compliance, registrar relations and data security.
It would also ban Whois proxy/privacy services from financial gTLDs and oblige those registries to verify that all Whois records were fully accurate at least once every six months.
The measures could be voluntarily adopted by any new gTLD applicant, but BITS wants them made mandatory for gTLDs related to financial services, which it calls “fTLDs”.
A letter sent by BITS and the American Bankers Association to ICANN management in late December (pdf) is even a bit threatening on this point:
We strongly urge that ICANN accept the [Security Standards Working Group's] proposed standards and require their use in the evaluation process. We request notification by 31 January 2012 that ICANN commits to use these fTLD standards in the evaluation of the appropriate gTLD applications. BITS, the American Bankers Association (ABA), and the organizations involved in this effort are firmly committed to ensuring fTLDs are operated in a responsible and secure manner and will take all necessary steps to ensure that occurs.
BITS, it should be pointed out, is preparing its own .bank bid (possibly also .invest and .insure) so the new specs give a pretty good indication of what its own gTLD applications will look like.
ICANN’s Applicant Guidebook does not currently mandate any security standard, but it does say that security practices should be commensurate with the level of trust expected from the gTLD string.
Efforts within ICANN to create a formal High Security Zone Top Level Domain (HSTLD) standard basically fizzled out in late 2010 after ICANN’s board said it would not endorse its results.
That said, any applicant that chooses to adopt the new spec and can demonstrate it has the wherewithal to live up to its very strict requirements stands a pretty good chance of scoring maximum points in the security section of the gTLD application.
Declining to implement these new standards, or something very similar, is likely to be a deal-breaker for any company currently thinking about applying for a financial services gTLD.
Even if ICANN does not formally endorse the BITS-led effort, it is virtually guaranteed that the Governmental Advisory Committee will be going through every financial gTLD with a fine-toothed comb when the applications are published May 1.
The US government, via NTIA chief Larry Strickling, said this week that the GAC plans to reopen the new gTLD trademark protection debate after the applications are published.
It’s very likely that any dodgy-looking gTLDs purporting to represent regulated industries will find themselves under the microscope at that time.
The new spec was published by BITS December 20. It is endorsed by 17 companies, mostly banks. Read it in PDF format here.
Typosquatting is huge but not dangerous, study finds
A study of typosquatted domain names has found that the practice is reaching pandemic levels for the largest brands, but that there’s surprisingly little malware distribution going on.
The security company Sophos surveyed 2,249 domains that were one letter different to the .com sites of Facebook, Google, Twitter, Apple and Microsoft, and found that two thirds resolved.
Not all of those 1,502 sites were malicious typosquats; some were legitimate sites that just happened to have similarly spelled names (such as goole.com and witter.com) Sophos noted.
Apple was the most-squatted company, according to this method: resolving Microsoft typos were at 61%, Twitter at 74%, Facebook at 81%, Google at 83% and Apple at 86%.
Sophos concluded that “there is a significant typosquatting ecosystem around high-profile, often-typed domain names.”
But it did not find as much malware as it was expecting, with only one domain leading to a malware site, 0.07% of the total.
However, 2.7% of the URLs “fell into the loose category of cybercrime”, which “means they are, or have been, associated with hacking, phishing, online fraud or spamming”.
The report, which also fingers parking services from Demand Media, Sedo, Oversee and Bodis as the recipients of 37% of the typo traffic, contains much more data and is well worth a read.
Annoyingly, it appears that Sophos only surveyed .com domains, so the data doesn’t really tell us much about the impact of TLDs (such as .co) on the typosquatting problem.
Libyan registry hacked by anti-Gaddafi crackers
The official registry web site for the Libyan top-level domain has been defaced by anti-Gadaffi crackers.
Nic.ly currently looks like this (click to enlarge):
The attack appears to be limited to the web server – as bit.ly domains are still resolving I assume the culprits have not managed to take control of the registry’s more important systems.
Libya famously cut itself off from the internet in March, shortly after the ongoing rebel uprising – which today arrived on the streets of Tripoli – kicked off.
The .ly domain also went completely dark in 2004 after a communication breakdown between the registry manager and IANA.
(via Sophos)
