SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Leave a comment

The July/August 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Attacks on PGP key server: is pretty good still good enough?
  • We need to talk! About how virtual assistants are listening in. Privacy at Facebook, part two: when the lawyer contradicts the boss
  • Breaking Binance: the world’s largest Bitcoin trading platform is hacked and blackmailed

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.


Leave a comment

SWITCH Public DNS Resolver

SWITCH operates recursive name servers for its constituency, the Swiss research and education network. Over the last year we have continually added support for transport encryption protocols on our recursive name servers such as DNS over TLS (DoT) and more recently DNS over HTTPS (DoH).

In contrast to default unencrypted DNS which runs over UDP/TCP Port 53 , both of these standards (DoT, DoH) use encrypted protocols which provide privacy for DNS queries between the client (application) and the recursive name server. This eliminates opportunities for eavesdropping and on-path tampering with DNS queries on the network.

Our motivation for enabling encrypted DNS protocols on our recursive name servers have been that some client applications (mostly Android 9) probe for DoT support and use it if available by default. Over the last year, other widely used applications have added support for encrypted DNS protocols. Most notably the web browser Mozilla Firefox which supports DoH but has not turned it on by default.

Opportunistic encryption of DNS queries and responses as it is used by Android 9 by default is one use case of DoT. However, some users want to pin a specific recursive name server regardless in which network they are or also to authenticate the name server. To support this use case, we have opened our recursive name servers over encrypted transport protocols to the Internet. You will find more information about the SWITCH Public DNS service and how to use it on this website:

https://www.switch.ch/security/info/public-dns/

Continue reading


Leave a comment

Attacks on DNS continue, targets are also in Switzerland

Attacks on the domain name system continue

Talos, the intelligence group of CISCO reported in their blog that their monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue.  The attack technique used is similar than before, the actors compromise name server records to take ownership of the domain. They then provide false information to selected parties (e.g certificate authorities, mail users) which leads to the disclosure of email credentials of the targeted organisations. These credentials give initial access to the victims E-mails accounts and other resources and are a starting point for further attacks.

Victims in Switzerland

For the first time, Talos also reported victims in Switzerland.

Geographic Location of Sea Turtle Victims by Talos

While Talos didn’t disclose the targeted organizations they identified these groups as primary targets:

  • Government organizations
  • Energy companies
  • Think tanks
  • International non-governmental organizations
  • At least one airport

Continue reading


The May/June 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Brought to light: Federal Crime Office closes down the world’s second largest illegal dark web marketplace
  • WhatsApp, state trojans? Or, why the city of San Francisco protects privacy better than Mark Zuckerberg’s messenger app
  • Privacy at Facebook, part two: when the lawyer contradicts the boss
  • Symmetry as a fundamental principle: now that we have software as a service, it is only a matter of time before we have cybercrime as a service

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

 


The Drama of Awareness – using Aristotle and Brecht to raise awareness: Part II

In the previous article, we were looking for inspiration on how to raise security awareness in Aristotle’s approach to artistic communication between actor and audience. His Theater of Illusion with its catharsis momentum gave us some insights on how to manufacture communications measures in order to achieve a learning process by proxy.

In the present article, we’re going to have a closer look at Brecht’s more modern concept of Epic Theater. The German playwright strives to move away from the Theatre of Illusion, from identification and purification, towards the active re-evaluation of reality by the audience.

Continue reading


1 Comment

The Drama of Awareness – using Aristotle and Brecht to raise awareness: Part I

There is a lot of drama surrounding the subject of security awareness. Whether it is because of the limited resources available in the face of ever-increasing demand, or the fact that awareness measures are still largely the responsibility of technically trained security experts – one could say that security awareness is surrounded by an air of tragedy.

How can you get users to manage data and devices securely? People have long wondered how to craft a message that moves people (to do something) – since well before the invention of advertising or awareness campaigns. It’s the same problem that lies at the heart of artistic communication between actor and audience. This article is, therefore, not about drama in the proverbial sense, but rather about literary drama as a work of art (of the theatre). Can literary scholarship provide us with insightful answers to this big question? First, we’re going to have a look at Aristotle  and the Classical Drama. Continue reading


The March/April 2019 issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Lenin and the detectives: Mobiispy stalkerware can make highly personal data collected while monitoring children and partners publicly accessible
  • Ransomware trojan LockerGoga brings companies to their knees
  • Straight talk at Facebook: when tech giants fail to meet even minimal security requirements
  • Malware straight from the factory: when Shadow Hammer strikes the supply chain

The Security Report is available in both English and German.

»»  Download the English report.     »»  Download the German report.

Did you miss our previous Security Report? Click here to go to the archive.