To paraphrase Mark Twain (and Benjamin Disraeli if internet search results can be trusted), there are three kinds of DNS lies: lies, damn lies and DNS performance statistics. Most networking professionals know to have a healthy skepticism about information put out by the marketing departments of networking vendors. And so they should. It is the […]
In order to help our customers with their DNS-related questions, we wrote this blog post regarding the recently announced BIND vulnerability, CVE-4854. What happened? ISC announced a critical vulnerability in the popular BIND DNS software. This might affect you. BIND servers configured either as caching or authoritative are vulnerable.
Here are thoughts from our CTO, Bill Worley PhD, on properly securing critical infrastructure in our highly connected world. They are particularly applicable with what we have seen in the last year with increased DDoS attacks focused on the DNS and compromised systems for the theft of intellectual property.
Even though more than two years have passed since federal government agencies were required to support DNS Security Extensions (DNSSEC) on their web sites, only 57 percent of agencies have met these requirements. In other words, about 40 percent of federal agencies have not secured their domains to protect users from domain name hijacking and […]
Google announced this week that they have enabled Domain Name System Security Extensions (DNSSEC). This is essential for ensuring that DNS queries are directed to the real web site. With this in place Google is now checking the digital signatures on DNSSEC formatted messages. Currently 7% of the volume of all the queries Google handles […]
Last week President Obama signed an Executive Order in an attempt to strengthen the cybersecurity of critical infrastructure in the United States. This is an area much in need of improvement, but this Executive Order barely scratches the surface. The main points addressed by the order are to facilitate information sharing and to develop a […]
DNSSEC has been slow to be accepted by commercial sites, leading a lag in DNSSEC deployment, even though it is the best solution to prevent the exposure to site hijacking. This type of hijacking is possible because of a major flaw in DNS that makes it possible for hackers to launch cache poisoning, found by […]
A new DNS vulnerability was found in BIND yesterday, CVE-2012-5688. It is listed as a critical vulnerability. This adds to the list of major vulnerabilities discovered in BIND. Since February of 2011, a new high vulnerability has been found on average every 60 days. This is a worrisome trend for DNS administrators concerned with the […]
Kaspersky Lab has announced that they are developing a secure operating system for protecting SCADA (supervisory control and data acquisition) and ICS (industrial-control systems). These are the systems used for industrial control. They are core to most utility companies and industrial infrastructure, controlling such things as valves or switches.
