« February 2014 | Main | April 2014 »

March 2014

Wednesday, 12 March 2014

DNS zone data access in the “new TLD” era, Part II: Managing and Downloading zone data

In Part I, DNS zone data access in the "new TLD" era, I introduced  Centralized Zone Data Access Service  (CZDS), a portal the ICANN community has deployed to help manage access to TLD zone files. I explained the steps you take to create an account, enable secure access, and select TLDs you want to access. Once you've completed this process, you must wait for approval by the registry operators for the TLDs you've selected, typically 2-3 days.

ApprovalsYou can check the status of your zone access requests by logging into the CZDS at a later date and visiting the CZDS Dashboard. From the Dashboard, you can click on URLs embedded under a TLD string to review status (or you can choose from the Pending, Approved, Denied tabs).

Approval times may vary among registry operators.

Approved requests grant access to TLD zone data for a minimum of 90 days. 

Guru

Once you've been approved to access a TLD's zone data, visit the Request Detail page for that TLD and click on the Download Zone File button.

Zone files will be downloaded to your browser's default download directory or folder. The file will be compressed in GNU Zip (.gz) compressed archive format.

For convenience and automation purposes, zone files follow a common naming convention:

YYYYMMDD-<tld-string>-zone-data.txt.gz

Uncompress the archive file, open the text (.txt) file, and you'll be able to examine all the resource records that comprise the TLD zone.

Gurutldzonedata

Posted at 08:45 AM in Domain names and DNS | | Comments (2)

Saturday, 08 March 2014

Top 5 #infosec reads: March 3-7, 2014

by Matt Piscitello

Richard Clarke on gathering intel, WiFi malware, a peak at the 2014 DBIR, webcam image harvesting, and TrustyCon  top this week's list of infosec-worthy reads.

10 Important Observations on US Intelligence Gathering

Richard Clarke, chairman and CEO of Good Harbor and former US National Security Coordinator, gave his RSA keynote speech based on his time spent in the Review Group on Intelligence and Communications Technology last fall. Clarke claims that the NSA's ability to collect intelligence, "created the potential for a police surveillance state," making it vital to control the organization and prevent such an outcome. He added, however, that "the reason that other countries are secure is because of US intelligence and NSA".

A New Form of Malware Puts Wifi at Serious Risk 

Chameleon is a new form of malware designed to exploit structural weaknesses in wireless access points and systems while avoiding detection through a variety of tactics. The researchers report that "the code was able to successfully infect remote systems, since traditional security software looks for malware either on the host system or the Internet – not across a wireless link", allowing the code to attack other computers that are wirelessly linked to a router. In its proof-of-concept run by a Liverpool research team, Chameleon did not affect how the AP worked, "but was able to collect and report the credentials of all other WiFi users who connected to it." 

Enterprises Are Losing Ground Against Persistent Cyberattacks

The soon to be released Verizon's 2014 Data Breach Investigations Report (DBIR) will use breach data from a record 50 contributors, and very little of it presents good news for businesses. The report will surprise no one: in the battle of cybercrime versus enterprise security, enterprises are on the losing side, and continue to fall behind against the relentless assault from cyberattacks.  

Yahoo Disapproves of GCHQ Taking Its Web Images

The UK's GCHQ has been accused by The Guardian of harvesting images from Yahoo users through Operation Optic Nerve between 2008 and 2010. GCHQ's response was that its work was done within the confines of the law and was, "authorized, necessary and proportionate." Sarb Sembhi, an analyst and director of consulting with Incoming Thought, believes the webcam program was "[blanket] harvesting without analysis" and  that the budget for the operation was most likely spent more on storage of data than actually looking at it. Yahoo! claims it wasn't aware of the image harvesting and objects to the privacy violation.

Despite waning 2014 RSA Conference boycott, infosec giants on the defensive

A protest intended to raise awareness of the RSA-NSA controversy  had little impact on the 2014 RSA conference attendance, but a protest "shadow conference" called "TrustyCon" ran next door and also sold out rapidly. The RSA is still taking heavy criticism for receiving $10 million from the NSA in 2013, but most businesses and customers attending the conference were chiefly concerned with improving their own security, and less so with the possibility that vendors were undermining their security. The protest did cause senior execs from a number of security vendors to defend their companies against allegations of backdoors and working with intelligence agencies.

Posted at 08:23 AM in All matters security, Top Infosec Reads | | Comments (0)

« Previous | Next »
Find me on Mastodon and Facebook

Spotlight Posts

  • The World's Phishiest Neighborhoods
    In this Interisle Insights article, we take a closer look at our data to better understand what’s hosted at three autonomous systems which have appeared at or near the top in recent quarters. We’ll also review who’s being targeted by these attacks and what corresponding name and address resources are most frequently exploited. Autonomous systems are blocks of Internet addresses, which you can compare to "neighborhoods" in a city. And like any city, some neighborhoods are safe and some are not. The full article, The World's Phishiest Neighborhoods, is hosted here.
  • Interisle Study Reveals Alarming Rise in Online Abuse and Identifies Exploitable Links in Cybercriminal Supply Chains
    My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study. We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains. Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns. In our report, we provide actionable insights for those aiming to curb cybercrime. Among the major findings in the study, Interisle reports that: The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled,...
  • Malware quarterly reports for July-September
    Malware quarterly reports for July-September 2024 is now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of...
  • Interisle's Phishing Landscape 2024 is here
    Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of...
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....

Search

My Photo

Categories