As expected, VeriSign placed its key material in the root zone yesterday (click on the picture below to view more detailed key information, etc.). Secure resolvers can now authenticate the .com key starting from the root zone and validate DNSSEC secured domains in the .com zone. Certainly a big accomplishment for the technical community. But a big question still remains – is there any incentive for resolvers to validate?
As mentioned briefly in a post last Friday, our recently completed study on ISP botnet mitigation showed that between 5 to 10 percent of all broadband subscribers in the Netherlands had their machines recruited into a botnet at some point in 2009. This week we offer a little closer look at that finding, which is conservatively based on the unique IP sources present in three distinct datasets of malicious network hosts: a large spam trap, the DShield distributed intrusion detection system, and Conficker sinkholes. Our results indicate that, from an economic perspective, the use of automation in botnet mitigation has an interesting effect on the incentives of ISPs. Read on to find out more and download the report.
Last night I got a chance to view the excellent 2009 documentary film “The Most Dangerous Man in America: Daniel Ellsberg and the Pentagon Papers.”
Of course, it is impossible to mention the Pentagon Papers now without thinking “Wikileaks,” and I admit that it was an interest in the parallels and differences in the cases that put that selection in my Netflix queue. It turned out to be a far more rewarding choice than I had expected. The film brings the 40-year old Ellsberg/Pentagon Papers sequence of events to life as vividly as the Private Manning/Wikileaks case is alive now. And without that historical knowledge and context one’s awareness of the Wikileaks case is impoverished. A fascinating aspect of this film is the way it documents how different the technological and publishing environment was – but one is also struck by the similarities in the political debate. Despite efforts to drive a wedge between Ellsberg and Wikileaks, this documentary, which was made more than a year before the Wikileaks controversy hit, shows how fundamentally similar the cases are.
The OECD just published a study that presents new insights into the role of Internet Service Providers in fighting the millions of infected machines that are currrently plaguing the Internet. The study discovered a remarkably concentrated patterns – just 50 ISPs account for about 50% of all infected machines worldwide. It also statistically determines some of underlying factors that explain why some ISPs perform better than others.
Last week, the Dutch police managed to shut down the “Bredolab” botnet. At least, that is what they claimed during the worldwide media coverage that followed. A few days later, while the police was still basking in the praise for its success, the botnet was resurrected. Embarrassing? Yes. Surprising? Not really. It highlights a fundamental misunderstanding about the fight against botnets. Contrary to what the Dutch police claimed and many people think, law enforcement cannot shut down botnets. It is important to understand why and what the implications are of this sobering thought.
A new essay in Harvard National Security Journal by Dr. Dan Geer, the Chief Information Security Officer of the CIA's venture firm In-Q-Tel, reveals how militarizing the internet puts the brakes on new business opportunities or innovations that might come from the internet. Geer argues that
“…the recent decision of the Internet Corporation for Assigned Names and Numbers (ICANN) to wildly proliferate the number of top-level domains and the character sets in which domains can be enumerated is the single most criminogenic act ever taken in or around the digital world.” To security Taliban, any change is bad because it makes things less “secure,” but it is especially dangerous to expand access to internet resources. The more information technology people have in their hands, the worse the world becomes.
Responding to a cacophony of opposing voices, citing free expression and global governance concerns, the proposed Combating Online Infringement and Counterfeits Act (COICA) has been slowed down for now. COICA is now scheduled to be taken up during the lame duck session following the November elections, which makes this “intergalacticly bad idea” still very dangerous. For those legislators who won't be returning there is nothing to lose, they might as well placate the well-funded and powerful intellectual property lobby behind it.
An amended version of the bill is now floating around. A comparison reveals that staffers are getting feedback from the network operators who will have to implement the process – namely ISPs and registrars. Changes have been made in an attempt to limit COICA's effects on operation of the global DNS. However, an under appreciated facet is how the bill's attempt to use Internet intermediaries for the purpose of enforcing intellectual property rights (IPR) could impact the Internet's security.