Items tagged with DNS
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name Systems (DNS) implementations, were revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME: WRECK, could impact at least 100 million IoT devices, leading to denial of service (DoS) and remote code execution. Forescout reports that the NAME:WRECK vulnerabilities are bugs within TCP/IP stacks FreeBSD, Nucleus NET, IPnet, and NetX. These stacks are used in millions of different devices, and when paired with the “often external exposure of vulnerable DNS clients,” the attack surface can be quite a large target. The...
Read more...
Domain Name Service (DNS) servers partially make up the internet's backbone as we know it. They allow anyone to plug a URL in and go to a website, as otherwise, we would have to know the IP address for every website. These servers also handle IP addresses from people trying to get to websites, which could be a privacy concern. To quell the concerns, CloudFlare plans to implement a new DNS standard called Oblivious DNS over HTTPS (oDoH) to ensure privacy through a “technical guarantee.” When DNS first launched and with implementations that remain today, data is sent in plaintext over the internet to resolve a website with DNS servers. Thus, the Internet Engineering Task Force standardized...
Read more...
As far as Mozilla is concerned, its Firefox browser is becoming more secure by being the only one to enable encrypted DNS over HTTPS (DoH) by default for users in the United States. The gradual rollout has already begun and will continue over the new few weeks, so long as no major issues rear their ugly heads. "Today, we know that unencrypted DNS is not only vulnerable to spying but is being exploited, and so we are helping the internet to make the shift to more secure alternatives. We do this by performing DNS lookups in an encrypted HTTPS connection. This helps hide your browsing history from attackers on the network, helps prevent data collection by third parties on the network that ties your...
Read more...
Microsoft is having a "Do'h!" moment, though not in the bumbling, Homer Simpson sense. Quite the opposite, actually. In a blog post, Microsoft announced its Windows Core Networking team is working on improving user privacy by implementing DNS over HTTPS, or DoH for short, into a future build of Windows 10. From Microsoft's vantage point, supporting encrypted DNS queries in Windows 10 would essentially close one of the last remaining plain-text domain name transmissions in common web traffic. At the same time, Microsoft says providing encrypted DNS support will not be easy without breaking existing Windows device admin configurations. "With the decision made to build support for encrypted DNS,...
Read more...
One year ago today on April Fools’ Day, Cloudflare launched its1.1.1.1 DNS service that was aimed at helping to speed up DNS requests, improve privacy, and give users an overall boost in internet performance. The 1.1.1.1 DNS service is still operational, and has become the second largest public DNS service behind #1 Google, while offering half the latency. Back in November, Cloudflare launched its 1.1.1.1 app to bring its speedy and privacy-centric DNS service to Android and iOS users, and today it is expanding the app with the addition of Virtual Private Networking (VPN) functionality. The company is calling this VPN “Warp”, and it encrypts all of your data, not just traffic...
Read more...
At this point, it sure seems like the folks at Cloudflare know how this whole "internet" thing works, as the company is trying very hard to keep the web fast and more secure. That includes websites that are cached using its services, helping to deliver faster page loads to the reader, or even routing your own internet connection through its servers for better privacy. Earlier this year, Cloudflare released its 1.1.1.1 service, which like Google's 8.8.8.8 DNS, routes all of your internet connections through the company's own servers, in effect obfuscating your true origin (except to Cloudflare). At home, using a specific DNS might not be too important, since speed is (likely) already at its best,...
Read more...
Each year on April 1 we are a bit skeptical about some of the stuff we read because some of it isn’t real. Cloudflare, the same company that uses a wall of lava lamps to generate encryption keys, swears that its new 1.1.1.1 consumer DNS service is the real deal. The promise is that the new DNS service is the fastest on the web and is designed with privacy-first in mind. If you aren’t sure what DNS is, Cloudflare describes it this way, "DNS is the directory of the Internet. Whenever you click on a link, send an email, open a mobile app, often one of the first things that has to happen is your device needs to look up the address of a domain. There are two sides of the DNS network: Authoritative...
Read more...
If the internet was incredibly slow for you this morning when browsing certain websites, or if you were having trouble posting your “wakeup” tweet to Twitter, we now know the root cause. A massive distributed denial of service (DDoS) attack was carried out against Dyn, which provides DNS service to a number of big name sites including Amazon, Twitter, reddit, Spotify, The New York Times, and Airbnb (among others). The outages seemed to mainly be concentrated around the northeastern United States, with another “hot pocket” of activity centered in Texas. Dyn posted a note to its website earlier this morning, writing: Starting at 11:10 UTC on October 21st-Friday 2016 we began monitoring and mitigating...
Read more...
Was your high-speed Internet service acting wonky yesterday? Are you a Charter customer? If you answered 'yes' to both questions, you're not alone. It appears that Charter, the nation's fourth largest cable operator, suffered a widespread outage in broadband Internet service starting on late Saturday afternoon and continuing into the night. This editor happens to reside in southwest Michigan and was affected by the outage, as were residents of Minnesota, North Carolina, South Carolina, and several other states. According to Charter spokeswoman Kim Haas, the service disruptions were "intermittent across parts of our footprint." Charter offers fast Internet service, but last night, a widespread...
Read more...
If you're looking to get Google all sorts of fired up, here's a surefire way to do it: start screwing with its DNS servers. Turkey has been in the spotlight of late due to its anti-freedom of speech moves of late, starting with a nationwide blocking of Twitter followed by a similar approach to YouTube. Political shots are to blame, as you could probably guess, but many had turned to Google's own DNS servers in order to bypass the various blocks. Which was working great... for a time. Now, Google itself has published a blog saying the following: "We have received several credible reports and confirmed with our own research that Google’s Domain Name System (DNS) service has been intercepted...
Read more...
Ownership of the Internet is about to undergo a massive change, as the U.S. is planning to cede sole control of Internet governance to the global private sector. The U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) announced that it will fulfill the mandate outlined back in the late 1990s that the agency would eventually phase out its administrative role over the DNS (Domain Name Server) and its interest in ICANN and place it in the hands of “global stakeholders”. “The timing is right to start the transition process,” said Assistant Secretary of Commerce for Communications and Information Lawrence E. Strickling in a...
Read more...
If you've had a difficult time connecting to select websites over the past few days, there's a very good chance that an on-going attack against spam-prevention agency Spamhaus is to blame. Spamhaus, based in London and Geneva, helps e-mail providers filter spam, and to do this, it manages a blocklist that includes any server verified to be used for the sole purpose of distributing unwanted content. You can see where this is going. Cyberbunker, a host that touts its willingness to host anything outside of child pornography and terrorism materials, recently found itself on Spamhaus' blocklist. It hasn't taken too kindly to the inclusion, and has begun working with "criminal gangs" in Eastern Europe...
Read more...
As we reported on Tuesday, GoDaddy suffered a major outage that left thousands, and potentially millions of customers with downed websites and services. While a supposed member of the Anonymous collective took credit for an attack, GoDaddy has since concluded that no hack or distributed denial of service attack took place. Instead, the company has posted on its site that the cause of the issue was a router that somehow had its data tables corrupted. Many have remained skeptical about this claim, however, as for a single router being able to take out all of GoDaddy seems unlikely. All hosts have, or should have, excellent redundancy in place. GoDaddy's outage didn't last mere minutes, but hours....
Read more...
The Domain Name System, or DNS, is the address book of the Internet. Type in a site name such as www.amazon.com, and DNS servers "resolves" that name into an IP address, which is a set of numbers that can get you to the site. On Thursday, Google announced its own DNS service, called Google Public DNS, which it says is part of its initiative to "speed up the Internet."For most people, DNS is hidden. Routers, DSL and cable modems usually automatically set up the DNS servers used by your home network. You can change this, either by changing the settings on your router, or by changing it on each PC individually, but it's not, as Google itself admits, for the faint of heart.You will have a primary...
Read more...
If you’re looking to register a domain name, you might want to stay away from EstDomains. ICANN, the net’s authority over domain names is ready to pull the plug on this Estonia-based seller of domain names. Security experts have long accused EstDomains of being a refuge for cyber criminals for years. On Tuesday, ICANN told EstDomains that it was revoking its accreditation since it learned the company’s president had been convicted of online credit card fraud and money laundering in February. In a notice, ICANN said that it was freezing EstDomains' ability to register new domain names and looking to transfer 281,000 domain names that are currently under EstDomains’ management. ICANN put the...
Read more...
