CAA Records and Site Security

19 November 2018 | Comments Off on CAA Records and Site Security

The little green lock—now being deprecated by some browsers—provides some level of comfort for many users when entering personal information on a web site. You probably know the little green lock means the traffic between the host and the site is encrypted, but you might not stop to ask the fundamental question of all cryptography:…

Short Take: DNSSEC Deployment

6 November 2018 | Comments Off on Short Take: DNSSEC Deployment

BGP Hijacks: Two more papers consider the problem

5 November 2018 | Comments Off on BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what…

The Diminishing Returns of Strong Passwords

17 October 2018 | Comments Off on The Diminishing Returns of Strong Passwords

Research: Tail Attacks on Web Applications

12 September 2018 | 1 Comment

When you think of a Distributed Denial of Service (DDoS) attack, you probably think about an attack which overflows the bandwidth available on a single link; or overflowing the number of half open TCP sessions a device can have open at once, preventing the device from accepting more sessions. In all cases, a DoS or…

Research: DNSSEC in the Wild

5 September 2018 | Comments Off on Research: DNSSEC in the Wild

The DNS system is, unfortunately, rife with holes like Swiss Cheese; man-in-the-middle attacks can easily negate the operation of TLS and web site security. To resolve these problems, the IETF and the DNS community standardized a set of cryptographic extensions to cryptographically sign all DNS records. These signatures rely on public/private key pairs that are…

CLKscrew: Another side channel you didn’t know about

30 August 2018 | Comments Off on CLKscrew: Another side channel you didn’t know about

Network engineers focus on protocols and software, but somehow all of this work must connect to the hardware on which packets are switched, and data is processed. A big part of the physical side of what networks “do” is power—how it is used, and how it is managed. The availability of power is one of…

Give the Monkey a Smaller Club

15 August 2018 | Comments Off on Give the Monkey a Smaller Club

Research: Are We There Yet? RPKI Deployment Considered

13 August 2018 | Comments Off on Research: Are We There Yet? RPKI Deployment Considered

The Resource Public Key Infrastructure (RPKI) system is designed to prevent hijacking of routes at their origin AS. If you don’t know how this system works (and it is likely you don’t, because there are only a few deployments in the world), you can review the way the system works by reading through this post…

Network Collective: Security and Analytics

8 August 2018 | Comments Off on Network Collective: Security and Analytics

In this community roundtable, Eyvonne and I talk to Eric Osterweil about the increasing reliance on analytics in the realm of security.