Research: Practical Challenge-Response for DNS

11 March 2019 | Comments Off on Research: Practical Challenge-Response for DNS

Because the speed of DNS is so important to the performance of any connection on the ‘net, a lot of thought goes into making DNS servers fast, including optimized software that can respond to queries in milliseconds, and connecting DNS servers to the ‘net through high bandwidth links. To set the stage for massive DDoS…

Short Take: CAA records and site security

6 March 2019 | Comments Off on Short Take: CAA records and site security

Long Tail Attacks

27 February 2019 | Comments Off on Long Tail Attacks

Short Take: Cache Covert Channel

13 February 2019 | Comments Off on Short Take: Cache Covert Channel

Short Take: HTTPS Interception

22 January 2019 | Comments Off on Short Take: HTTPS Interception

CAA Records and Site Security

19 November 2018 | Comments Off on CAA Records and Site Security

The little green lock—now being deprecated by some browsers—provides some level of comfort for many users when entering personal information on a web site. You probably know the little green lock means the traffic between the host and the site is encrypted, but you might not stop to ask the fundamental question of all cryptography:…

Short Take: DNSSEC Deployment

6 November 2018 | Comments Off on Short Take: DNSSEC Deployment

BGP Hijacks: Two more papers consider the problem

5 November 2018 | Comments Off on BGP Hijacks: Two more papers consider the problem

The security of the global Default Free Zone DFZ) has been a topic of much debate and concern for the last twenty years (or more). Two recent papers have brought this issue to the surface once again—it is worth looking at what these two papers add to the mix of what is known, and what…

The Diminishing Returns of Strong Passwords

17 October 2018 | Comments Off on The Diminishing Returns of Strong Passwords

Research: Tail Attacks on Web Applications

12 September 2018 |

When you think of a Distributed Denial of Service (DDoS) attack, you probably think about an attack which overflows the bandwidth available on a single link; or overflowing the number of half open TCP sessions a device can have open at once, preventing the device from accepting more sessions. In all cases, a DoS or…