Each month, we share the most interesting DNS, security, and enterprise IT content on our Google+, Facebook, and Twitter pages. We know you don’t always have time to read all that great material, so we’ve gathered the best content from May and brought it together in one convenient roundup. Enjoy!
- Your DNS Server Is Helping DDoS Attacks – In the first quarter of this year, it was reported that the Internet experienced a 700 percent DDoS bandwidth increase. As DDoS attacks force more bandwidth onto a target, it means that even the largest enterprise networks can succumb to over-utilization.
- Hacked DNS Servers Used in Linux/Cdorked Malware Campaign – The attack that employed compromised Apache Web server binaries is turning out to be more complex than originally thought, as researchers now have found that the attackers also are using Trojaned Nginx and Lighttpd binaries as part of the campaign.
- Fun and Games in ICANN’s new gTLD Process – Most readers are probably aware that the Internet Corporation for Assigned Names and Numbers (ICANN) has recently introduced a process to open up the domain system to a myriad of new generic Top Level Domains (gTLDs). In this context “generic” may be somewhat of a misnomer, because a number of the domains applied for correspond with proprietary trademarks and brand names.
- Academic Institutions Urged to Take Steps to Prevent DNS Amplification Attacks – The Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) advised academic institutions this week to review their DNS (Domain Name System) and network configurations in order to prevent their systems from being abused to amplify DDoS attacks.
- DNS Anomaly Detection: Defend Against Sophisticated Malware – Not so long ago, the standard way of looking for a malware infection was to simply monitor web traffic. By looking, for example, for HTTP requests to google.com/webhp – a typical Internet connectivity check – we could easily pinpoint a ZeuS infected machine. Problem solved.
- Africa Domain Name System Forum to be Held in Durban, South Africa, 12-13 July 2013 – The Africa Domain Name System (DNS) Forum will be held on 12 – 13 July 2013 in Durban, South Africa. The event aims to establish a platform for the DNS community across Africa and to advance the domain name industry and domain name registrations on the continent.
- Security Studies on the Use of Non-Delegated TLDs, and Dotless Names – ICANN‘s mission and core values call to preserve and enhance the operational stability, reliability, security, and global interoperability of the Internet. In pursuing these goals and following the direction of its Board of Directors as well as the advice of the Security and Stability Advisory Committee, ICANN is announcing two studies regarding: 1) the use of non-delegated TLDs and 2) potential risks related to dotless domain names.
- This Is the Most Detailed Picture of the Internet Ever (and Making it Was Very Illegal) – Why would you need a map of the Internet? The Internet is not like the Grand Canyon. It is not a destination in a voyage that requires so many right turns and so many left turns.
- DDoS Grows to the Point of Breaking Internet – Denial of service attacks as we know, overwhelms the target server with large number of requests which eventually leads to the service going offline or inaccessible during that time. The main purpose of DDoS can be considered as disrupting the services of target in order to cause them a financial loss, or it could be some fanatic driven attack who wants their demands to be met by other people.
- DDoS Services Advertise Openly, Take PayPal – The past few years have brought a proliferation of online services that can be hired to knock Web sites and individual Internet users offline. Once only found advertised in shadowy underground forums, many of today’s so-called “booter” or “stresser” services are operated by U.S. citizens who openly advertise their services while hiding behind legally dubious disclaimers.
- Why The Onion Is Awesome for Publishing Details of Its Twitter Hack – The Onion, the satirical news site that saw its Twitter account hijacked by a Syrian hacker group earlier this week, has just performed a pretty significant bit of public service. In a detailed post, the site’s tech team has published a fairly thorough tick-tock on how the attack was carried out.
- PayPal’s Chief Information Security Officer says Passwords’ Days are Numbered – Recently speaking at the Interop IT conference, PayPal’s chief information security officer, Michael Barrett, stated that passwords and PINs were operating on borrowed time. Barrett hopes to replace online security keys with a setup that’s a blend of software and hardware-based identification.
- Anatomy of a Hack: How Crackers Ransack Passwords like “qeadzcwrsfxv1331” – In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them.
- Shadowserver Fights Amplified DDoS Attacks – The Shadowserver Foundation is compiling a list of recursive DNS servers in a bid to reduce the risk of large distributed denial of service attacks. DNS amplification was behind the series of distributed denial of service attacks billed by the popular press as the world’s biggest cyber attack.
- A Variety of Options Make Data Center Expansion Difficult – When MIT launched edX, an online education resource, professors never dreamed that interested students would jump at the opportunity. Anant Agarwal, president of edX, had expected 5,000 participants, but 120,000 people signed up instead. That stunning success put an enormous and unexpected burden on computing capacity.
- Google’s Inactive Account Manager Heightens Enterprise Awareness for Securing Data – Google’s new Inactive Account Manager feature has added options and predictability to the process of distributing digital assets when someone dies, or when someone simply stops using the service for a preset period of time.
- Consumerization of IT: Mobile Data Management – Gartner has predicted that in “2013 mobile phones will overtake PCs as the most common Web access device worldwide” and that “by 2015 media tablet shipments will reach around 50 percent of laptop shipments.”
- Why Data Centers are Necessary for Enterprise Businesses – When it comes to IT infrastructure requirements, data centers are a top priority. Data centers are now seen as a key business parameter, and not as an external facility for storage of information and business operation models.
- Enterprise Ecommerce Security: How to Keep Your Ecommerce Website Secure – Managing and securing an enterprise-level ecommerce website is not child’s play. Cutting corners is not an option when it comes to the safety of customers’ confidential data.
We’ll leave you this month with a glance at the history of the Internet and the important role that DNS continues to play.
Image Source: John Davies
Also published on Medium.