Sunday, November 19, 2017

Tag: Internet

The Parliament House in Singapore. (Photo: TteckK)

Singapore is planning to take 100,000 government computers off the Internet in order to boost security, according to several news reports.

Government employees who need Internet connectivity to do their jobs will have access to "dedicated Internet-linked terminals," but by default the civil servants won't be able to go online using government-issued devices, the Agence France-Presse (AFP) news agency reported today. Government employees have received a memo about the change, which is being phased in over the course of a year. "There are some 100,000 computers in use by the public service and all of them will be affected," The Straits Times wrote. Singapore government websites were hacked by Anonymous in 2013, apparently in response to censorship regulations imposed on news sites.

The latest security measure is reportedly aimed at preventing similar attacks and the spread of malware through e-mail. "We have started to separate Internet access from the work stations of a selected group of public service officers and will do so for the rest of the public service officers progressively over a one-year period," the Singapore government said, according to the AFP. Singapore is a highly connected society, with average peak broadband speeds of 135.7Mbps—the fastest in the world, according to Akamai's State of the Internet report. Many government services are available online.

That isn't supposed to change, as the government said its employees' work will remain the same. "The move [to take government computers offline] was greeted with furor on social media," the Associated Press wrote. "Many saw it as an obstacle to efficiency in the wealthy city-state, where citizens have pushed for a better balance of work and life. Government leaders have often spoken of the need to master and harness technology."

For the most part, government employees will be limited to using the Internet on devices they own themselves and that aren't linked to government networks or e-mail systems. "Public servants will be allowed to forward work e-mails to their private accounts, if they need to," The Straits Times wrote.
Let us spy on you or we'll choke off civil liberties, says ex foreign sec

Infosec 2016 Lord Hague has predicted that Western societies will enact laws and regulations against unbreakable encryption – while conceding that the technology has always existed. The former UK foreign secretary, who is also a historian and author of a biography of Prime Minister William Pitt the Younger, told delegates at the Infosec trade show that a book-based cypher written by an 18th century politician remains unbroken. “Unless we know the book it’s based on,” or can find examples of the same code being used in other messages, then it will remain unbroken, he said. Technology firms need to co-operate or else law enforcement will lose the ability to investigate serious crimes, including tax evasion, people trafficking and terrorism, according to Lord Hague.

This is because criminals and terrorists use communication technologies also used by mainstream consumers such as iMessage and WhatsApp (Lord Hague’s example). Unless governments and their security agencies retain the ability to spot malicious activities through electronic intelligence, restrictions on civil liberties would have to be more “severe and draconian”, he argued. Rather than the courts or technology firms deciding regulations for encryption, it ought to be decided through public opinion and a debate in Parliament or its equivalent in other Western countries, Lord Hague concluded. The Apple versus FBI case was a “genuine and understandable clash of principles” that’s “likely to happen again especially since not resolved in court”. He acknowledged as a legitimate concern the worry that if law enforcement could break into communications for one reason, it would be able to break into them for another. While there should be constraints on intrusion, there’s no absolute right to privacy either, he said. “Not representative of how government and companies have worked together in the past,” Lord Hague added. Ultimately it’s for “parliaments and public to resolve”.

Spies like US

As well as speaking about the balance between privacy and security, Lord Hague also talked about the threat landscape and cyber-espionage. Only a network of partnerships is going to protect security, according to the former leader of the Conservative party. The senior politician, who signed interception warrants authorising the operations of GCHQ for four years while foreign secretary, said that businesses are becoming more vulnerable as they become more efficient through greater use of technology. “Organisations wouldn’t leave doors open all night at the company headquarters but they are doing that in cyberspace,” Lord Hague said. A network of partnership and greater information sharing is needed to deal with threats.

Breached organisation should be obliged to report problems but these could be stored and shared in an anonymised form so that potential risk to reputation is reduced, according to the peer, in order to “see the scale of what is going on”. Many or most serious breaches were down to human error, he added. While foreign secretary, Hague spoke to a conference where he gave three anonymised examples of organisations that had been hacked.

All three of the blue chip firms affected were in the room but none knew they were affected by the theft of intellectual property. Attacks of this type – often targeted against military contractors and aerospace firms – have historically been blamed on China, an accusation the country routinely denies. Attributing the source of cyber attacks is notoriously difficult, “and what if a non-state actor like Isil [the self-styled Islamic State] is involved? Any treaty could risk either Balkanising the internet or increasing state power.” For these and other reasons, an international accord is “highly unlikely” according to Lord Hague, who argued that issues ought to be addressed diplomatically and bilaterally between senior politicians in the respective countries involved. “Defensive capabilities are limited without an offensive capability to detect, deter or prevent attack,” he said during his keynote presentation at the Infosec trade show in London on Wednesday.
Jakarta, Indonesia, 8 June 2016: Huawei, Canovate and IBM are among the latest companies to join the line-up of more than one hundred exhibitors at Indonesia’s first major ICT event – which will provide a platform for Indonesia to strengthen its quest to build a robust digital economy and ecosystem.

Communic Indonesia 2016 – which focuses on data centres and Cloud technologies, big data, cable and satellite, and enterprise solutions – will be collocated with a dedicated series of industry events, including the Indonesia ICT Summit and Broadcast Indonesia 2016, all taking place at the Jakarta International Expo, in Kemayoran, from Wednesday, August 31 to Saturday, September 3. Together with Broadcast Indonesia 2016, Communic Indonesia 2016 is expected to attract more than 450 exhibitors from across Asia and beyond, showcasing ICT solutions and digital multimedia and entertainment technology to operators, ISPs and broadcasters under one roof.

An exciting line up of speakers – featuring Ericsson, Hewlett-Packard and Bitcoin Indonesia – has also been confirmed. “Indonesia is fast becoming South East Asia’s up-and-coming region in the ICT and digital multimedia market, with huge growth potential across the country,” said Show Director Rupert Owen. “Communic Indonesia will gather industry professionals from across the region to network and discuss a multitude of relevant industry issues, opportunities and challenges relating to satellite, Internet of Things, big data, Cloud, security, and 4G, 5G and LTE.” Communic Indonesia 2016 is expected to attract more than 12,000 visitors across the four days, with more than 11 countries participating, including China, Germany, Hong Kong, Indonesia, Philippines, Singapore, Taiwan, Thailand and the USA. Indonesia – which spans more than 17,000 islands – currently has a population of more than 250 million people and is expected to reach 258.6 million by the end of 2016.

The country depends on the continuing investment in the communications infrastructure to provide essential services and meet the growing needs and expectations of its consumers. “As the government announces the Indonesia Broadband Plan, major investments are expected in the broadband connectivity infrastructure and its related ICT verticals,” said Mr Ben Wong, President Director of event organiser PT Pamerindo Indonesia. “The Jakarta International Expo is a world-class venue located in the heart of Indonesia and we are confident the event will provide the ideal platform to discuss Indonesia’s digital future.”

-ENDS-

If you would like to connect with us on social media, please visit the below links. Facebook: https://www.facebook.com/communicindonesia/?fref=ts LinkedIn: https://www.linkedin.com/groups/7001307 Twitter: @CommunicIndo

For further information, please contact Jayne Garfitt or Michelle Mahoney at Proactive International PR on +44 1636 812152. Or send an email to jayne.garfitt@proactive-pr.com or michelle.mahoney@proactive-pr.com
15m telnet nodes, 4.5m printers TCP port 445...

Millions of services that ought to be restricted are exposed on the open internet, creating a huge risk of hacker attack against databases and more. Infosec firm Rapid7’s researchers took a close look at the millions and millions of individual services that live on the public IP network, one of the most fundamental components of the internet. Researchers attempted to ascertain to what extent various internet protocols are in use, where they are located, and how much of this is inherently insecure due to running over non-encrypted, cleartext channels. Millions of systems on the internet offer services that should not be exposed to the public network.

The survey uncovered 15 million nodes appearing to offer telnet (usually unencrypted), 11.2 million appearing to offer direct access to relational databases, and 4.5 million apparent printer services. Around 4.7 million systems expose one of the most commonly attacked ports used by Microsoft systems, 445/TCP. Oddly, 75 per cent of the servers offering SMB/CIFS services – a (usually) Microsoft service for file sharing and remote administration for Windows machines – originated in just six countries: the United States, China, Hong Kong, Belgium, Australia and Poland. The most exposed nations on the internet included countries with the largest GDPs, such as the United States, China, France, and Russia. The research – summarised here – was put together by Bob Rudis, Jon Hart and Tod Beardsley.

Beardsley explained that the research gave the team a fresh perspective on the services deployed on the public side of firewalls the world over. Although, to the man on the street, the internet is imagined to run over the one or two protocols that the World Wide Web runs on – HTTP and HTTPS – there are loads of other services. Rapid7’s researchers say their study shows for the first time how much telnet, SSH, FTP, SMTP, or any of the other protocols that run on TCP/IP are actually in use, where they are all located, and how much of it is inherently insecure due to running over non-encrypted, cleartext channels. He explained this was different from, but complementary to, other research efforts. “While projects like CAIDA and Shodan perform ongoing telemetry that covers important aspects of the internet, we here at Rapid7 are unaware of any ongoing effort to gauge the general deployment of services on public networks. So, we built our own, using Project Sonar,” Beardsley said.
Since the beginning of 2016, FireEye has discovered 240 phishing domains attempting to trick users into thinking they were Apple Inc.

Hackers are using fake phishing domains to trick Apple users into giving up their Apple ID credentials, according to a new report from FireEye. Since the beginning of 2016, FireEye has tracked a number of phishing campaigns targeted against Apple users.

The phishing campaigns all include some form of a lure to trick unsuspecting users into entering their Apple ID into a fake login screen.

All Apple device owners use the Apple ID to get access to the company's services, including iTunes, App Store and iCloud data backups. As part of the subterfuge, the phishing campaign emails direct users to seemingly legitimate looking Apple sites that are hosted on domains that have the word "Apple" in them, but are not associated in any way with the company.

Among the domains are various combinations of the words Apple and iCloud, including iCloud-Apple-apleid.com, appleie-xyw.com and iow-web-Apple.com. Of the 240 domains FireEye has discovered since the beginning of 2016, it found 86 targeting U.K. customers since January.

Domains specifically going after Chinese users are also common, with FireEye reporting 32 different domains registered in March alone. While FireEye was able to identify the spam domains targeting Apple users, it's not clear how many potential victims may have been exposed to the phishing domain campaigns. "Our system is designed to detect newly registered malicious domains," Fahim Abbasi, principal malware researcher at FireEye, told eWEEK. "We are not able to answer if there are specific targets." Looking across the 240 different Apple spam domains, FireEye found 154 unique email addresses were used to register the domains. Of those email addresses, 64 were on the qq.com email domain in China and 36 registrants had unique gmail.com email accounts. Going a step further to try and determine some form of attribution for the malicious spam domains, FireEye found that the observed Apple spam domains in China were pointing at 13 unique IP addresses found in the United States and China.

All of the U.K. spam domains were pointing to IP addresses in the United Kingdom. Abbasi noted that FireEye observed a peak of Apple spam domain registrations in the first quarter of 2016, but has seen a gradual decrease since then. "We are now starting to log this information to get a better breakdown of stats," Abbasi said. From a user protection standpoint, the actual address for a link or a Website is generally viewable by users, either in a browser or when they hover over an email link.

As such, a cautious, informed user should be able to avoid falling prey to the Apple phishing domain campaigns.

That said, Abbasi noted that not all users are informed of the risks of phishing and all the domains listed contain keywords like "Apple," "iTunes" and/or "iCloud." "Attackers exploit the human trust model, as we tend to trust brand names, and use that to lure their victims into clicking and interacting with the phishing page," Abbasi said. "The majority of Internet users are not savvy enough to detect these minor variations in legitimate-looking phishing URLs."

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
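As an added example (not FireEye's detection system, nor code from the article), here is a small Python checker for the two points the article makes: a brand keyword appearing in a host name whose registrable domain is not the brand's own, and the hover check of a link's displayed text against its real target. The allowlist of Apple domains and the two-label registrable-domain rule are simplifying assumptions made for illustration.

```python
import re
from typing import Dict, List

BRAND_KEYWORDS = ("apple", "itunes", "icloud")             # keywords the article names
LEGIT_DOMAINS = {"apple.com", "icloud.com", "itunes.com"}  # assumed allowlist, illustrative only


def hostname(url_or_host: str) -> str:
    """Strip scheme and path and lower-case. Assumes no userinfo or port (simplification)."""
    s = url_or_host.strip().lower()
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)
    return s.split("/")[0].rstrip(".")


def registrable_domain(host: str) -> str:
    """Last two labels. Simplification: ignores multi-label public suffixes such as co.uk."""
    return ".".join(host.split(".")[-2:])


def assess(url_or_host: str) -> Dict[str, object]:
    host = hostname(url_or_host)
    reg = registrable_domain(host)
    keywords = [k for k in BRAND_KEYWORDS if k in host]
    # The article's pattern: the brand word appears somewhere in the name, but the part
    # the registrant actually controls is not one of the brand's own domains.
    return {"host": host, "registrable": reg, "keywords": keywords,
            "suspicious": bool(keywords) and reg not in LEGIT_DOMAINS}


def assess_link(display_text: str, href: str) -> Dict[str, object]:
    """What hovering reveals: the visible text may name apple.com while the href does not."""
    result = assess(href)
    shown = registrable_domain(hostname(display_text))
    result["display_mismatch"] = shown != result["registrable"]
    return result


# Constructed sample: the three domains quoted in the article plus two legitimate controls.
SAMPLE = [
    "iCloud-Apple-apleid.com",
    "appleie-xyw.com",
    "iow-web-Apple.com",
    "https://appleid.apple.com/account",
    "www.icloud.com",
]


def flagged(hosts: List[str] = SAMPLE) -> List[str]:
    """Hosts from the sample that match the brand-keyword-but-not-brand-domain pattern."""
    return [a["host"] for a in map(assess, hosts) if a["suspicious"]]


if __name__ == "__main__":
    for h in SAMPLE:
        print(assess(h))
    print(assess_link("https://appleid.apple.com", "http://icloud-apple-apleid.com/login"))
```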
Two more attempts coming down the line

US legislators are making another attempt to give the FBI access to anyone's web browser history with a new amendment to the pending review of the Electronic Communications Privacy Act (ECPA) Amendments Act of 2015. Senator John Cornyn (R-TX) introduced the amendment [PDF], which would allow the FBI to use National Security Letters (NSLs) to demand a target's "electronic communication transactional records," including domains visited, IP addresses, and session times and duration of electronic communications. The FBI issues thousands of NSLs every year and they don't require a judge's formal approval, as a warrant would. NSLs can be ordered by either an FBI deputy assistant director or by the special agent in charge of a field office. In the past, the FBI had claimed that the existing laws gave it the power to use NSLs for just this purpose, but in 2008 the agency was slapped down [PDF] by the Justice Department's Office of Legal Counsel, which ruled against the FBI on the matter. In addition, the expansion of the NSL's provisions has also been added into the 2017 Intelligence Authorization Act.

The wording of the bill, and the increased provisions, were passed by the Senate Select Committee on Intelligence and revealed by member Senator Ron Wyden (D-OR). "This bill takes a hatchet to important protections for Americans' liberty," he said. "This bill would mean more government surveillance of Americans, less due process, and less independent oversight of U.S. intelligence agencies. Worse, neither the intelligence agencies nor the bill's sponsors have shown any evidence that these changes would do anything to make Americans more secure." The double privacy whammy shows yet more evidence that the FBI is not willing to give up trying to get warrantless access to internet users' histories.

Technically, the NSL can only be issued for terrorism or spying investigations, but the FBI has abused such powers in the past. The moves have kicked up a stink with technology firms and internet rights groups, which had been supportive of the new form of the ECPA. Now they are threatening a boycott of the legislation. "We would oppose any version of these bills that included such a proposal expanding the government's ability to access private data without a court order," the open letter reads. "Given the sensitive nature of the information that could be swept up under the proposed expansion, and the documented past abuses of the underlying NSL statute, we urge the Senate to remove this provision from the Intelligence Authorization bill and oppose efforts to include such language in the ECPA reform bill, which has never included the proposed NSL expansion."
The Yongbyon nuclear facility in North Korea—back in business and making plutonium, based on IAEA analysis. (Photo: Keith Luse, Senior Professional Staff Member, U.S. Senate)

Although North Korea has had a string of bad luck with its only suspected nuclear-capable ballistic missile—which had four failed test launches in the last two months—the Democratic People's Republic of Korea is clearly intent on shifting its nuclear capabilities into overdrive. On Monday, the International Atomic Energy Agency (IAEA) announced that North Korea's government had apparently re-activated the nuclear fuel production reactor at Yongbyon—the plant responsible for the creation of plutonium used in the DPRK's nuclear weapons program. The analysis by the IAEA, as IAEA chief Yukiya Amano said during a news conference on Monday, pointed to “resumption of the activities of the five megawatt reactor, the expansion of centrifuge-related facility, [and] reprocessing—these are some of the examples of the areas [of activity indicated at Yongbyon]." In this instance, "reprocessing" refers to the extraction of plutonium from irradiated uranium fuel. These conclusions were reached based on satellite imagery, as North Korea has denied IAEA inspectors access to the plant.

But if the IAEA is correct, the expansion of the centrifuge facility would indicate that North Korea is preparing to produce more fuel for nuclear warheads. The Yongbyon site is the same site that US intelligence attempted to infect with a variant of the Stuxnet malware used against Iranian nuclear research facilities, as revealed by a Reuters report in May of 2015. Like the Iranian program, the Yongbyon facility uses technology originally obtained from the lead developer of Pakistan's nuclear weapons program, scientist A.Q. Khan.

Because of North Korea's greater isolation from the Internet and the government's tight control over computer access, that malware effort was unsuccessful.
Major tech companies, advocacy groups, and at least one senator have publicly proclaimed their opposition to two bills currently working their way through Congress.

The two pieces of proposed legislation would each significantly expand use of National Security Letters to include "Electronic Communication Transactional Records"—better known as metadata. As Ars has reported previously, federal investigators issue tens of thousands of NSLs each year to banks, ISPs, car dealers, insurance companies, doctors, and others in terrorism and espionage investigations.

The letters demand personal information, and they don't need a judge's signature, much less a showing of probable cause.

They also come with a default gag to the recipient that forbids the disclosure of the NSL to the public or the target.

On Thursday, the Senate Judiciary Committee is set to vote on one of those provisions as an amendment to a bill called the Electronic Communications Privacy Act Amendments Act of 2015 (S. 356). The provision would allow NSLs to target "account number, login history, length of service (including start date)… Internet Protocol address… routing, or transmission information…" and more. This amendment is authored by Sen. John Cornyn (R-Texas), and it's being tacked on to a pending Senate bill.
If passed, the Electronic Communications Privacy Act Amendments Act of 2015 would mandate a warrant for the government to access e-mail and data stored online. (The House unanimously passed its companion version, known as the Electronic Communications Privacy Act, in April 2016.) The second possible legislative route to expanding NSL power comes via a revision to the Intelligence Authorization Act for Fiscal Year 2017. In a letter sent to the Judiciary Committee on Monday, groups including the American Civil Liberties Union, Amnesty International, and the Electronic Frontier Foundation said they would withdraw their support for the badly needed ECPA reform bill if the Cornyn amendment or the revision to the IAA were allowed to stand. As they wrote:

The civil liberties and human rights concerns associated with such an expansion are compounded by the government’s history of abusing NSL authorities. In the past ten years, the FBI has issued over 300,000 NSLs, a vast majority of which included gag orders that prevented companies from disclosing that they received a request for information. An audit by the Office of the Inspector General (IG) at the Department of Justice in 2007 found that the FBI illegally used NSLs to collect information that was not permitted by the NSL statutes. In addition, the IG found that data collected pursuant to NSLs was stored indefinitely, used to gain access to private information in cases that were not relevant to an FBI investigation, and that NSLs were used to conduct bulk collection of tens of thousands of records at a time.

For his part, Sen. Ron Wyden (D-Ore), a longstanding civil liberties-minded lawmaker, also voiced his opposition to this amendment in a statement sent to Ars. "This bill takes a hatchet to important protections for Americans’ liberty," Wyden said, speaking specifically of the IAA. "This bill would mean more government surveillance of Americans, less due process, and less independent oversight of US intelligence agencies."
Over the last several days, several high-profile accounts, including those owned by Facebook CEO Mark Zuckerberg and artist Katy Perry, have been hacked.

The hacks, which arguably were hardest on Zuckerberg, who co-founded a social network and has long...
Agency says attackers dupe victims into handing over remote device access and thousands of dollars.

The FBI's Internet Crime Complaint Center (IC3) has cautioned against rising cases of technical support scams in which scammers use a variety of methods to deceive victims.
In a recent announcement, IC3 says it has received 3,668 complaints in the last four months with adjusted losses of $2,268,982. In one technique, according to IC3, criminals claim they work for tech support companies, were notified of viruses or security threats to the victim’s device, and offer to eliminate those threats for a fee. Once given remote access to the victim’s device, the fraudsters either steal personal details or infect the machine with malware.
In some instances, the miscreants have also extorted the victims for a ransom, by threatening not to surrender control of the victim's device and/or bank account. Hackers may call, send a pop-up message, or freeze the victim’s computer screen with a displayed phone number to call for assistance, adds IC3. IC3 has advised that individuals be alert, and if contacted, take necessary steps -- including not giving unverified persons remote access to their devices or accounts.

Cyber-security firm to work with security specialist value-added distributor to support aggressive EMEA expansion plans

London – 7 June 2016 – Malwarebytes™, the leading advanced malware prevention and remediation solution, today announced it has signed Wick Hill as a pan-European value-added distributor specialising in security.

The agreement supports Malwarebytes’ rapidly growing presence in Europe and continued strategy to expand in the area through channel relationships.

Ian Kilpatrick, chairman, Wick Hill Group (pictured)

Wick Hill and Malwarebytes will work together to offer the cyber security company’s advanced endpoint protection and remediation capabilities for enterprises to resellers in the UK, DACH, Benelux, France and the Nordics, as part of a two-tier distribution model. Wick Hill is frequently recognised as one of the best specialist security distributors in the region, and the deal will further expand Malwarebytes’ reach while providing Wick Hill with access to an increasingly in-depth portfolio of layered solutions.

Anthony O’Mara, VP, EMEA at Malwarebytes, said: “Given the ever advancing threat landscape, the possibility of suffering a security breach has never been higher. Our proven ability to quickly detect and remediate these threats means our products are in higher demand than ever.

“Given its reach and reputation in the cyber security space, Wick Hill is an ideal partner for us. The company also operates an enviable range of partner support services and has a track record of helping vendors expand their reseller base and grow sales. As part of Rigby Private Equity (RPE), Wick Hill also has access to an established network of resellers across EMEA, and we will be taking advantage of that to grow our presence even further in the future.”

Ian Kilpatrick, chairman Wick Hill Group, continued: “We are delighted that Malwarebytes has chosen Wick Hill as a pan-EMEA distribution partner.

Driven by the strength of its product set, the company has a uniquely valuable brand in the security market, providing resellers with a massive opportunity.”

“In today’s increasingly insecure IT environment, multi-level protection is vital and we feel Malwarebytes fits perfectly into our existing portfolio. We’re very excited about helping the company grow its EMEA channel to expand across the region.”

In July 2015, Wick Hill became part of Rigby Private Equity (RPE). RPE is building an EMEA-wide, high-value, specialist distribution business, with a common proposition and consistent delivery. Value added distributor Zycko is also part of RPE, with the combined Wick Hill and Zycko product portfolio encompassing networking, infrastructure, security, communications, storage, access, performance, monitoring and management.

Paul Eccleston, head of RPE, commented: “The appointment of Wick Hill by Malwarebytes is another milestone for RPE, following Zycko’s recent appointment by Unitrends as its sole EMEA wide distributor. It demonstrates that there is a strong need for a pan-EMEA distributor that can work with companies wanting to expand and grow internationally, in partnership with a value added distributor that can deliver technical and sales support consistently, whilst giving vendors access to an established reseller network.”

-- ENDS --

About Malwarebytes

Malwarebytes protects consumers and businesses against dangerous threats such as malware, ransomware, and exploits that escape detection by traditional antivirus solutions. Malwarebytes Anti-Malware, the company’s flagship product, has a highly advanced heuristic detection engine that has removed more than five billion malicious threats from computers worldwide. More than 10,000 SMBs and enterprise businesses worldwide trust Malwarebytes to protect their data.

Founded in 2008, the company is headquartered in California with offices in Europe, and a global team of researchers and experts.

For more information, please visit us at https://www.malwarebytes.com/.

Malwarebytes reflects the operating philosophy of its founder and CEO Marcin Kleczynski: to create the best disinfection and protection solutions to combat the world’s most harmful Internet threats. Marcin was recently named “CEO of the Year” in the Global Excellence awards and has been named to the 2015 Forbes 30 Under 30 Rising Stars of Enterprise Technology list and the Silicon Valley Business Journal’s 40 Under 40 award, adding those to a 2014 Ernst & Young Entrepreneur of the Year Award.

About Wick Hill

Established in 1976, value added distributor Wick Hill specialises in secure IP infrastructure solutions.

The company sources and delivers best-of-breed, easy-to-use solutions through its channel partners, with a portfolio that covers security, performance, access, networking, convergence, storage and hosted solutions. Wick Hill is particularly focused on providing a wide range of value-added support for its channel partners.

This includes strong lead generation and conversion, technical and consultancy support, and comprehensive training. Wick Hill Group is part of Rigby Private Equity, a subsidiary of Rigby Group Investments, an independent company within Rigby Group plc. Wick Hill has its headquarters in the UK and offices in Germany and Austria. Wick Hill also offers services to channel partners in fourteen European countries and worldwide, through its association with Zycko, as part of RPE. For further press information on Wick Hill, please contact Annabelle Brown on 01326 318212, email pr@wickhill.com. Wick Hill https://www.wickhill.com.

For further press information on Malwarebytes, please contact Aislinn Collins on 07980 711864, email malwarebytes@fieldhouseassociates.com
For message authentication, not for tracking. Promise!

A proposal raised late May at the Internet Engineering Task Force (IETF) suggests adding cookies to the DNS to help defend the critical system against denial-of-service exploits. The domain name system (DNS) is an old and fundamental piece of the Internet architecture, providing translation between human-readable addresses like theregister.co.uk and IP addresses. The DNS has also been exploited several times over the years as a traffic amplifier in DoS attacks (amplification attacks).

RFC 7873, authored by Donald Eastlake (Huawei*) and Mark Andrews (ISC*), puts forward the intriguing notion that a simple cookie deployment could help. They describe DNS Cookies as “a lightweight DNS transaction security mechanism” for clients and servers. While the idea offers only “limited protection”, the authors say the cookies can help address denial-of-service, amplification, forgery, and cache poisoning attacks. For the privacy-conscious, the authors note that their proposal is that the DNS cookies only be returned to their originating IP address, preventing them being used as a tracking mechanism.

The protection offered by the DNS cookie, the RFC says, comes from the fact that an attacker would have to guess the 64-bit pseudorandom value of the cookie. The client cookie would be calculated using the client's IP address, the server IP address, and “a secret value known only to the client”. The client's IP address, the client cookie, and a secret known to the server would be used to calculate the server cookie.

Here's how the authors imagine the cookies would help in various DNS attack scenarios:

DoS attacks using forged addresses – the basic DNS denial-of-service attack uses a forged client address. The cookie doesn't block such attacks – but it does identify the client by its real IP address, which makes attribution more feasible, making the attack less anonymous.

DNS amplification – from the RFC: “Enforced DNS Cookies would make it hard for an off-path attacker to cause any more than rate-limited short error responses to be sent to a forged IP address, so the attack would be attenuated rather than amplified”.

Server DoS – any DNS request accepted by a server uses its resources, making it relatively straightforward to hose a server by flooding it with requests. The cookies make it very easy to reject forged requests “before any recursive queries or public key cryptographic operations are performed.”

Cache poisoning and answer forgery attacks – the DNS cookies let resolvers reject forged replies.

The RFC also lays out an incremental rollout scheme for DNS cookies.

Bootnote: *IETF RFCs are the work of individuals, not their employers, but affiliations get a mention as a courtesy.
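As an added example (not code from RFC 7873 or from the article), the following Python model shows the client/server cookie derivation described above and why a server that enforces cookies spends nothing more than a short error on a query whose source address is forged. RFC 7873 does not fix a hash function, so HMAC-SHA256 truncated to 64 bits, strict BADCOOKIE-on-first-contact behaviour, and the documentation addresses used are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

COOKIE_LEN = 8  # 64-bit cookies, as the article describes


def _mac64(secret: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the concatenated parts, truncated to 64 bits.

    Assumption for this example: RFC 7873 leaves the algorithm to implementers.
    """
    return hmac.new(secret, b"".join(parts), hashlib.sha256).digest()[:COOKIE_LEN]


def client_cookie(client_ip: str, server_ip: str, client_secret: bytes) -> bytes:
    # As the article puts it: client IP, server IP and a secret known only to the client.
    return _mac64(client_secret, client_ip.encode(), server_ip.encode())


def server_cookie(client_ip: str, c_cookie: bytes, server_secret: bytes) -> bytes:
    # Client IP, the client cookie and a secret known only to the server.
    return _mac64(server_secret, client_ip.encode(), c_cookie)


@dataclass
class Server:
    ip: str
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    expensive_lookups: int = 0  # recursive queries / crypto we were made to perform

    def handle(self, src_ip: str, c_cookie: bytes,
               s_cookie: Optional[bytes]) -> Tuple[str, bytes]:
        """Return (status, server cookie to send back).

        BADCOOKIE is the short, rate-limited error response. It goes to the source
        address on the packet, so a forged source receives it, not the sender.
        Expensive work happens only once a valid server cookie is presented
        (strict mode; the RFC also allows answering a cookie-less first query).
        """
        expected = server_cookie(src_ip, c_cookie, self.secret)
        if s_cookie is None or not hmac.compare_digest(s_cookie, expected):
            return "BADCOOKIE", expected
        self.expensive_lookups += 1
        return "OK", expected


@dataclass
class Client:
    ip: str
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    learned: Dict[str, bytes] = field(default_factory=dict)  # server ip -> its cookie

    def query(self, server: Server) -> str:
        cc = client_cookie(self.ip, server.ip, self.secret)
        status, sc = server.handle(self.ip, cc, self.learned.get(server.ip))
        if status == "BADCOOKIE":
            # The cookie arrived at our real address, so only the true sender learns it.
            self.learned[server.ip] = sc
            status, _ = server.handle(self.ip, cc, sc)
        return status


def demo() -> Dict[str, object]:
    srv = Server(ip="192.0.2.53")        # constructed documentation addresses
    honest = Client(ip="198.51.100.7")
    first = honest.query(srv)            # BADCOOKIE round trip, then OK
    repeat = honest.query(srv)           # cached server cookie: OK at once
    work_before = srv.expensive_lookups
    # Model of the forged-address scenario from the article: a packet carrying the
    # honest client's address but cookies its sender never saw. Guessing the 64-bit
    # server cookie is infeasible, so the server does nothing beyond a short error.
    forged_cc = client_cookie(honest.ip, srv.ip, b"not-the-client-secret")
    status, _ = srv.handle(honest.ip, forged_cc, secrets.token_bytes(COOKIE_LEN))
    return {"first": first, "repeat": repeat, "forged": status,
            "work_for_forged": srv.expensive_lookups - work_before}


if __name__ == "__main__":
    print(demo())
```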