SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Leave a comment

The Sep/Oct 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our SWITCH Security Report has just been released.

The topics covered in this report are:

  • Turning Good instead of Breaking Bad? Hacking to fend off other hackers
  • What do a firefighter and Google Chrome 69 have in common?
  • 15 months later: new attacks, same old vulnerability
  • Peekaboo exploits vulnerability in surveillance cameras in a major way

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


Leave a comment

A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • An own goal and serious foul: Spanish football league’s app turns 10 million users into involuntarily spies
  • Amazon Rekognition – useful security and convenience tool or total surveillance for pennies?
  • An underestimated risk: the number of malware attacks on smartphones and tablets is exploding
  • Phishing with the stars: scammers take advantage of our celebrity obsession and the crypto craze to cause harm to users

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.


Top 1000 .ch Domain Names

Since the beginning of July 2018 SWITCH publishes the top 1000 domain names of the Swiss TLD .ch. On the one hand we want to support open data in Switzerland and on the other hand we are keen on knowing how exactly domain names are being used in order to keep the .ch zone secure. Therefore we have decided to start publishing the top 1000 domain names relying on the information that can be extracted from the authoritative DNS traffic. Although there are already sources that publish a ranking of websites, such as the Top Alexa, the DNS based ranking will give a differing view on the .ch zone since not only the www usage is represented but all services that make use of DNS. Continue reading


The May/June 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • Microsoft will never contact you by phone: support scam continues to gain momentum
  • «Efail» between hype and disaster: the security world needs to learn how to communicate
  • Sonic waves on the attack, recent incidents are reason to prick up your ears
  • Waterholing attacks: infrastructure is and remains a target

The Security Report is available in both English and German.

»»  Download the English report.      »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.

 


The March/April 2018 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report has just been released.

The topics covered in this report are:

  • The dark side of the Data Force: Facebook, Cambridge Analytica, and the pressing question of who is using whose data for what
  • News from the world of state trojans: Microsoft’s analysis of FinFisher
  • Russian APT28 hackers’ month-long infiltration of the computer network of Germany’s federal government
  • Bitcoin bounty or close encounter: bizarre side-effects of cryptomining

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.

 


Additional DNSSEC Training with PowerDNS on May 7 and 8

We announced 3 one day DNS trainings in the end of February and all three trainings where fully booked within 24 hours. We are happy to see so much demand for DNSSEC in Switzerland.
We managed to add two more dates for the DNSSEC training together with PowerDNS
The training will be given at the following dates in Zurich:

7.5. Zurich, SWITCH
8.5. Zurich, SWITCH

The one day training will give you an introduction into DNSSEC and show you how to sign DNS zones on an autoritative DNS server.
We will use PowerDNS for the practical and hands on part. PowerDNS contains support for DNSSEC, enabling the easy serving of DNSSEC secured data, with minimal administrative overhead.

Agenda:

• Short introduction to DNSSEC
• how DNSSEC works
• keys / signatures / NSEC / NSEC3
• Working with DNSSEC and the PowerDNS Authoritative server
• Short overview over PowerDNS Authoritative server backends (MySQL, PostgreSQL, BIND, pipe, …)
• DNSSEC signing
• Pre-signed zones
• CDS
• Zone transfers
• Utilities (pdnsutil)
• The PowerDNS ALIAS record (and its future)

Required skills: Unix system administrator skills and DNS server know how.The training will be delivered in english.

More information and registration here:

https://www.eventbrite.com/e/dnssec-training-zurich-may-7-tickets-44474772241
https://www.eventbrite.com/e/dnssec-training-zurich-may-8-tickets-44474795310


A Day in the Life of nic.ch

Ever wondered what the DNS traffic looks like on a usual day on a .ch name server? This article briefly sketches the landscape of systems querying .ch domains. To be exact, the following statistics and statements are based on a small subset of the overall data since the underlying sources just consist of 2 out of 8 name servers, i.e. a.nic.ch and b.nic.ch.  Overall the .ch zone consists of 8 name servers distributed all over the world. While some of them are setup as anycast network, others are set up traditionally as unicast servers located in a single data center.

We capture the DNS traffic as pcaps and subsequently process and store it with the help of Entrada which relies on HDFS and Impala. Currently, we operate a Hadoop cluster with 7 data nodes which provides us with a good basis for future in-depth analysis.

The following sections discuss two statistics that we publish on www.nic.ch in greater detail.

Who queries the name servers?

To start with, let’s have a look at who queries our name servers. Figure 1 shows the top 10 countries in terms of generated DNS traffic observed during week 4 of 2018. Additionally, the share of distinct IP addresses per country is displayed with a second bar. Since the original DNS traffic does not contain explicit information about the country where the query originates from this information is being added by Entrada with the help of the Maxmind database. To have a more representative image of the DNS landscape, Google resolvers and OpenDNS resolvers are excluded from this statistic.  Although from the queries themselves one cannot be sure about the nature of the querying system, for convenience, throughout this article we’ll call those systems resolvers.

top_ten_countries.png

Figure 1

Continue reading