Welcome!

Agile Computing Authors: Liz McMillan, Yeshim Deniz, Stackify Blog, Elizabeth White, Ed Featherston

Blog Feed Post

Ultra AEP warns of on-going danger of ‘dirty domains’

Only 53 per cent of global top level domains 'secure'

Loudwater, UK, 23rd January 2014: Over three years after the world's first top level domains (TLDs) (such as .org, .com and .net) were signed with domain name system security extensions (DNSSEC), nearly half (47 per cent)[1] remain open to malicious tampering. This is potentially leaving millions of the world's internet users open to malicious redirect to fake websites, warns FTSE 250 cyber security company Ultra Electronics AEP.

Some of the world's most advanced Internet economies such as Italy (.it), Spain (.es) and South Africa (.za) remain unsigned, leaving every Internet visitor to a website ending with that extension at risk of being re-routed to a bogus website and potentially being fooled into parting with personal information.

Sonia Freed, Managing Director of Ultra Electronics AEP explains: "This is an issue that affects every Internet user in the world and a poor level of take up of DNSSEC amongst top level domains is a barrier to the evolution of a safer Internet. Unless the top level domain is signed, every single website operating under a national domain can have its DNS spoofed, potentially directing Internet users straight into the hands of cyber criminals via fake websites that often look just like the real thing."

Freed continues: "Whilst many of the domains we are familiar with such as .com, co.uk and .org are secure, it's becoming increasingly common for websites to use extensions from other countries even when they do not have a local presence. Many popular file sharing sites for instance use unsecured domains from tiny Caribbean islands and are using them as a 'flag of convenience'. With this fragmentation, comes potential confusion and an environment in which cyber criminals can thrive."

Richard Lamb at Internet Corporation for Assigned Names and Numbers (ICANN): "It is now three and a half years since the root of the Domain Name System was signed, however our figures show there is still a great deal of work to do. DNSSEC is a leap forward in preventing attackers from redirecting end users to websites under their own control (for account and password collection). We urge the owners of the remaining unsigned TLDs to work with ICANN and help develop a safer web to protect the world's internet users."

Freed highlights the scale of the problem: "DNS cache poisoning continues to affect the world's Internet users. Towards the end of last year, users of Google's Malaysian domain (www.google.com.my) were directed to a fake website in Pakistan.[2] The Syrian Electronic Army (SEA) have also exploited DNS weaknesses to modify DNS entries and redirect users accessing The New York Times and Twitter to propaganda pages."

Freed notes: "Securing the TLD is a major first step but it's also necessary for responsible individual domain name owners to ensure the integrity of their zone data and hence the integrity of their associated web services by implementing a DNSSEC solution and signing their zone DNS resource records. A DNSSEC solution comprises a DNS Server with DNSSEC extensions and cryptographic keys."

DNSSEC uses public key cryptography to digitally sign DNS data. It means that responses to DNS queries are digitally signed by the DNS server using private keys and are automatically verified by the client using the corresponding public key.

Digital signing also guarantees the validity of DNS responses. As such Internet users are protected from the fraudulent DNS responses that could contribute to phishing techniques and other forms of fraud. Using a hardware secure module (HSM) can enhance the security of a DNSSEC solution. In addition to highly secure key generation and storage, HSMs provide fast cryptographic processing, which offload computationally intensive calculations from servers.

AEP Keyper is the only network-attached HSM on the market certified to FIPS 140-2 Level 4 overall, the highest FIPS accreditation.

For further information, please see: http://www.internetsociety.org/deploy360/dnssec/

[1] Figures published by Internet Corporation for Assigned Names and Numbers (ICANN) on 20.01.2014: http://stats.research.icann.org/dns/tld_report/index.html
[2] Source: MYNIC (official registrar of Malaysian internet domains): http://mynic.my/en/news.php?id=162

-Ends-

Notes to editors
On June 16, 2010, AEP Ultra Safe Key Security and Management product signed the DNS root of the internet, the dot, forming part of an elite international circle of trust protecting the web from being hijacked - See more at: http://www.ultra-aep.com/company-overview#sthash.G3DUZ1Q3.dpuf

About Ultra Electronics AEP
AEP provides trusted security everywhere and develops the highest grade security and communication technologies, securing data regardless of device, environment or location, tested and accredited to industry security standards, including FIPS 140-2 Level 4 and CAPS to IL3/IL4. Trusted by businesses, governments and the defence sector, its extensive portfolio of products and solutions protect the integrity of very sensitive data and are extremely reliable, survivable and resilient. AEP is a business unit of Ultra Electronics an internationally successful security, defence and aerospace company with a long, consistent track record of development and growth. Ultra businesses constantly innovate to create solutions to customer requirements that are different from, and better than competitors.

Enquiries
John Bailey, Marketing Manager 01628 642600
David Bell, Vocal Public Relations 07971 845740

Source: RealWire

Read the original blog entry...

More Stories By RealWire News Distribution

RealWire is a global news release distribution service specialising in the online media. The RealWire approach focuses on delivering relevant content to the receivers of our client's news releases. As we know that it is only through delivering relevance, that influence can ever be achieved.

@ThingsExpo Stories
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
DXWorldEXPO LLC announced today that ICC-USA, a computer systems integrator and server manufacturing company focused on developing products and product appliances, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City. ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.
Cloud-enabled transformation has evolved from cost saving measure to business innovation strategy -- one that combines the cloud with cognitive capabilities to drive market disruption. Learn how you can achieve the insight and agility you need to gain a competitive advantage. Industry-acclaimed CTO and cloud expert, Shankar Kalyana presents. Only the most exceptional IBMers are appointed with the rare distinction of IBM Fellow, the highest technical honor in the company. Shankar has also receive...
Michael Maximilien, better known as max or Dr. Max, is a computer scientist with IBM. At IBM Research Triangle Park, he was a principal engineer for the worldwide industry point-of-sale standard: JavaPOS. At IBM Research, some highlights include pioneering research on semantic Web services, mashups, and cloud computing, and platform-as-a-service. He joined the IBM Cloud Labs in 2014 and works closely with Pivotal Inc., to help make the Cloud Found the best PaaS.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
DXWorldEXPO LLC announced today that All in Mobile, a mobile app development company from Poland, will exhibit at the 22nd International CloudEXPO | DXWorldEXPO. All In Mobile is a mobile app development company from Poland. Since 2014, they maintain passion for developing mobile applications for enterprises and startups worldwide.
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or per...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Founded in 2000, Chetu Inc. is a global provider of customized software development solutions and IT staff augmentation services for software technology providers. By providing clients with unparalleled niche technology expertise and industry experience, Chetu has become the premiere long-term, back-end software development partner for start-ups, SMBs, and Fortune 500 companies. Chetu is headquartered in Plantation, Florida, with thirteen offices throughout the U.S. and abroad.
Bill Schmarzo, author of "Big Data: Understanding How Data Powers Big Business" and "Big Data MBA: Driving Business Strategies with Data Science," is responsible for setting the strategy and defining the Big Data service offerings and capabilities for EMC Global Services Big Data Practice. As the CTO for the Big Data Practice, he is responsible for working with organizations to help them identify where and how to start their big data journeys. He's written several white papers, is an avid blogge...
I think DevOps is now a rambunctious teenager - it's starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Major trends and emerging technologies – from virtual reality and IoT, to Big Data and algorithms – are helping organizations innovate in the digital era. However, to create real business value, IT must think beyond the ‘what’ of digital transformation to the ‘how’ to harness emerging trends, innovation and disruption. Architecture is the key that underpins and ties all these efforts together. In the digital age, it’s important to invest in architecture, extend the enterprise footprint to the cl...
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Two weeks ago (November 3-5), I attended the Cloud Expo Silicon Valley as a speaker, where I presented on the security and privacy due diligence requirements for cloud solutions. Cloud security is a topical issue for every CIO, CISO, and technology buyer. Decision-makers are always looking for insights on how to mitigate the security risks of implementing and using cloud solutions. Based on the presentation topics covered at the conference, as well as the general discussions heard between sessio...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
DXWorldEXPO LLC announced today that the upcoming DXWorldEXPO | CloudEXPO New York event will feature 10 companies from Poland to participate at the "Poland Digital Transformation Pavilion" on November 12-13, 2018.