SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


DNSSEC Usage in Switzerland is on the rise after widespread attacks on the Domain Name System

Attacks on the DNS System

Cyber attacks on the DNS are not new. Cache poisoning, domain hijacking and BGP injections of routes to public DNS resolvers happen regularly, but they usually don’t get much attention because they target the Internet’s core infrastructure and in most cases are not directly visible to end users. This time it was different. The recent widespread DNS hijacking attacks on several Middle Eastern, North African, European and North American governments and infrastructure providers, published by Cisco’s Talos, showed that DNS attacks are a real threat to cyber security. Netnod, one of the affected infrastructure providers, issued a statement that called, amongst other domain security mechanisms, for the implementation of the DNS Security Extensions (DNSSEC).

The analysis of these attacks also convinced the Internet Corporation for Assigned Names and Numbers (ICANN) that there is an ongoing and significant risk to key parts of the Domain Name System (DNS) infrastructure. ICANN issued a call for “Full DNSSEC Deployment to Protect the Internet” across all unsecured domain names.

The question is whether these attacks, and the awareness that DNSSEC is an absolutely essential base-layer protection for domain names, have had any effect on the implementation of DNSSEC in Switzerland.

More DNSSEC signed domain names

As a ccTLD operator, SWITCH publishes the number of DNSSEC-signed .ch and .li domain names every month. While the number of signed domain names is still very low at around 3-4%, we have seen a rise in the number of signed domain names for two years now.

DNSSEC signed .ch domain names 1.4.2019




IT-Security-Links #65



IT-Security-Links #64

  • Shellshock I: Shellshock is a term dating from World War I and it refers to the effect of the trauma of battle on troops. But since last week it’s also the name of a serious GNU Bourne Again SHell (Bash) vulnerability, or to be more exact, a series of vulnerabilities (currently CVE-2014-6271, -7169, -7186, -7187, -6277, -6278). Comprehensive technical overviews are available from SANS (PDF) and TrendMicro (PDF).
  • Shellshock II: Web servers are indeed currently at the highest risk of being exploited, but the command shell exists all over the Internet. For example, there’s also an attack vector in OpenVPN. And Shellshock could also be used to hack VoIP systems.
  • DMCA-Takedowns: Warner Bros. Entertainment must now release key information about its automated scheme to send copyright infringement notices to websites.
  • WordPress-Security: Security researcher Ryan Dewhurst released the WPScan Vulnerability Database, a one-stop shop for the latest WordPress, plug-in and theme vulnerabilities.
  • Google and Dropbox launched Simply Secure to improve online security. The newly created organization aims to make security technologies easier to use.
  • How to deal with old Java-based enterprise applications? Deutsche Bank London helped develop an “application self-defense tool” that sits below the application to detect and prevent attacks and apply virtual patches.

IT-Security-Links #63


Swiss economy makes online security its priority

Switzerland is one of the safest countries in the world. To make the Internet in Switzerland a secure place as well, the Swiss online economy has started the Swiss Internet Security Alliance (SISA). The goal of the alliance is to make Switzerland the “cleanest” Internet country in the world! The organization launched an online security check today which allows Internet users to clean and protect their systems.

Offering more security
The founding of the Swiss Internet Security Alliance is a sign of its members’ commitment to making the Internet a secure place in Switzerland. The association brings together expert knowledge from representatives of various sectors and promotes information-sharing amongst competitors.

Overcoming challenges together
The Swiss Internet Security Alliance focuses on its main assets – the knowledge, experience and technical expertise of its members. Its members asut, Centralway, Credit Suisse, cyscon Schweiz, Lucerne University of Applied Sciences and Arts, Hostpoint, Migros Bank, PostFinance, Raiffeisen, Sunrise, Swisscard, Swisscom, SWITCH, UBS, upc cablecom and Viseca have longstanding experience in dealing with online security. The association is open to other interested parties. More information can be found in the press release:


Comprehensive security check
Upon founding the association, the Swiss Internet Security Alliance is launching a security check. The Swiss Security Check provides protection on three levels.

  1. Users whose outdated or incorrectly configured software exposes them to a security risk will find this out within seconds.
  2. If there is suspicion of malware, the malware cleaner helps with the diagnosis and resolution of the problems.
  3. A cyber vaccine completes the protection and keeps electronic pests at bay.


The Swiss Security Check is free and can be accessed here:


Please follow @swiss_isa on Twitter!


IT-Security-Links #58



The web is completely broken

The web is completely broken,

says, in essence, Jeremiah Grossman [1], an old hand in the field of web application security. His company does sell its own web browser with a focus on security and above all privacy, but he is right all the same: every day we use technologies that carry (or should carry) the label “Broken by Design”. In this article we deal with two topics: Cross Site Request (Forgery), CSR(F), and Certificate Authorities (CA). The problems have been known for years. Just today, yet another CSRF exploit for WordPress 3.9.1 was published. And yes, that is the current WordPress version.

CSR(F) – Cross Site Request (Forgery)

Unlike its sibling Cross Site Scripting, Cross Site Request Forgery is only marginally known. Nevertheless, CSRF ranked 5th in the OWASP Top Ten in 2010, and still ranked 8th in 2013. It is therefore a common and thoroughly critical vulnerability in web applications. But what is CSRF, and what does it have to do with “Broken by Design”?

Many websites embed external resources, for example images, JavaScript or advertising. The adjective external refers here to a different domain. An example: what happens when you visit the website of a typical Swiss daily newspaper, http://www.typischeschweizertageszeitung.ch/?

  • Resources are loaded from typischeschweizertageszeitung.ch.
  • Further resources are loaded from, for example, adtech.de, cxense.com, cxpublic.com, visualrevenue.com, wemfbox.ch etc.
  • cxpublic.com in turn loads further resources from 2mdn.net, serving-sys.com etc.

These requests for external resources are called Cross Site Requests. So what? First, you have to ask who actually carries out these requests on behalf of typischeschweizertageszeitung.ch: the browser. Next, you have to understand that this request is sent using all locally stored data (in particular cookies) for that external domain. Let’s look at a relatively harmless example:

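<script type="text/javascript">
   // Runs if the cross-site image loads; the alert reports an Apache server under OpenBSD
   function csrf() {
      alert("Auf läuft ein Apache Server unter OpenBSD.");
   }
   // Runs if the image fails to load; the alert says the test failed but something else might work
   function nocsrf() {
      alert("Test fehlgeschlagen, aber vielleicht funktioniert etwas anderes? ...");
   }
</script>
<img src="" onload="csrf()" onerror="nocsrf()">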
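
The point made above, that the browser attaches the target domain's cookies to every cross-site request, can be modelled in a few lines. This is an added example, not code from the original post: it also shows how the `SameSite` cookie attribute (not mentioned in the post) changes the decision. The host `bank.example`, the cookie names and the request list are constructed, and the "site" calculation is a simplification.

```javascript
// Simplification: the "site" is the last two host labels. Real browsers use the
// Public Suffix List; the shortcut is valid for the sample hosts used here.
const site = (host) => host.split(".").slice(-2).join(".");

// Would the browser attach `cookie` to `req`?
// req: { from, to, method, topLevelNav } where from/to are host names.
function cookieAttached(cookie, req) {
  const domainMatch = req.to === cookie.domain || req.to.endsWith("." + cookie.domain);
  if (!domainMatch) return false;
  if (site(req.from) === site(req.to)) return true; // same-site: always sent
  switch (cookie.sameSite) {
    case "None":   // behaviour described in the text: sent on every request
      return true;
    case "Lax":    // cross-site only on top-level navigation with a safe method
      return req.topLevelNav && ["GET", "HEAD", "OPTIONS", "TRACE"].includes(req.method);
    case "Strict": // never sent cross-site
      return false;
    default:
      throw new Error("unknown SameSite value: " + cookie.sameSite);
  }
}

// Constructed cookie jar: bank.example is a hypothetical site the user is logged in to.
const jar = [
  { name: "tracking", domain: "adtech.de", sameSite: "None" },
  { name: "legacy_session", domain: "bank.example", sameSite: "None" },
  { name: "lax_session", domain: "bank.example", sameSite: "Lax" },
  { name: "strict_session", domain: "bank.example", sameSite: "Strict" },
];

const cookiesFor = (req) => jar.filter((c) => cookieAttached(c, req)).map((c) => c.name);

// Constructed requests issued while the newspaper page from the text is open.
const page = "www.typischeschweizertageszeitung.ch";
const requests = {
  adImage:   { from: page, to: "ads.adtech.de", method: "GET", topLevelNav: false },
  hiddenImg: { from: page, to: "www.bank.example", method: "GET", topLevelNav: false },
  autoPost:  { from: page, to: "www.bank.example", method: "POST", topLevelNav: true },
  linkClick: { from: page, to: "www.bank.example", method: "GET", topLevelNav: true },
  ownPage:   { from: "www.bank.example", to: "www.bank.example", method: "POST", topLevelNav: true },
};

for (const [name, req] of Object.entries(requests)) {
  console.log(name.padEnd(10), cookiesFor(req));
}
```

Only the cookie without a `SameSite` restriction accompanies the embedded image and the cross-site POST, which is why session cookies set with `Lax` or `Strict` remove the precondition for the forged request.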
