SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


5 Comments

DNSSEC training with PowerDNS in Switzerland

SWITCH is organising a one day DNSSEC training together with PowerDNS

The training will be given at the following dates:

9.4. Zurich, SWITCH
10.4. Bern, Uni
11.4. Carouge HESGE

The one day training will give you an introduction into DNSSEC and show you how to sign DNS zones on an autoritative DNS server.
We will use PowerDNS for the practical and hands on part. PowerDNS contains support for DNSSEC, enabling the easy serving of DNSSEC secured data, with minimal administrative overhead.

Agenda:

• Short introduction to DNSSEC
• how DNSSEC works
• keys / signatures / NSEC / NSEC3
• Working with DNSSEC and the PowerDNS Authoritative server
• Short overview over PowerDNS Authoritative server backends (MySQL, PostgreSQL, BIND, pipe, …)
• DNSSEC signing
• Pre-signed zones
• Zone transfers
• Utilities (pdnsutil)
• The PowerDNS ALIAS record (and its future)

Required skills: Unix system administrator skills and DNS server know how.The training will be delivered in english.

More information and registration here:

Zurich: https://www.eventbrite.com/e/dnssec-training-zurich-tickets-43350331007
Bern: https://www.eventbrite.com/e/dnssec-training-bern-tickets-43592055010
Carouge: https://www.eventbrite.com/e/dnssec-training-carouge-tickets-43592840359

Update 28.2.2018: All three trainings are fully booked after only 24 hours. We are happy to see so much interest in DNSSEC in Switzerland. Waitlist is now open.


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Meltdown and Spectre: security meltdown directly from the processor
  • Leaks, fakes and cryptocurrency hacks: business models of a different kind
  • Italianitá in the smartphone – state trojan monitors smartphone users
  • Kaspersky shut out of Lithuania as well
  • Strava leaks – fitness secrets of a different kind

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Dresscode for apps in the Google Play Store: malicious
  • Quad9 – does it offer a data protection-friendly alternative to Google DNS?
  • Uber’s customer and driver data on a highway to the Dark Net
  • An earful of espionage: when headphones become listening devices

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.


1 Comment

Breaking security controls using subdomain hijacking

Users obtain a domain name to establish a unique identity on the Internet. Domain names are not only used to serve names and addresses of computers and services but also to store security controls, such as SPF or CAA records. Many of the Internet protocols were designed at a time where built-in security was not a requirement. The IETF continues to standardize protocol extensions to address today’s security needs.

For some protocols security is added with controls stored in your domain names zone file. In order to have the desired effect, the pre-condition is of course that your domain name is secure. In other words, the security of your application that makes use of controls in DNS is only as secure as the security of your domain name.

Hijacking a domain name because of weak credentials at the registrar may get the job done but this is far from stealthy and will likely not last long. In many cases it is sufficient to hijack an abandoned subdomain. Taking over abandoned subdomains may be unnoticed by the owner for a very long period of time making it also very useful for targeted attacks.

Picture 1: update.ft.com has been hijacked and the content from the ft.com front page is mirrored with a fake article about subdomain hijacking. Note: the website is not online anymore, Financial Times has been notified to remove the abandoned record from their zone file. A Certificate Transparency (CT) log proves that a TLS certificate has been issued for this demo site.

Continue reading


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Attack of the digital dolphins: hacking Alexa, Siri and their friends via ultrasound
  • The anti-antivirus programme: US government bans agencies from installing Kaspersky software on their computers
  • A hack of ‘epic proportions’ at Equifax
  • Science fiction 4.0 – how to hack a computer with a drop of saliva

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.


1 Comment

Money for Nothing and Coins for Free

Beginning in mid-September 2017, we started seeing a new abuse scheme on .ch and .li domains. The websites in question were running on outdated software and inevitably, hackers exploited some well-known vulnerability in order to inject malicious code. At this point we would usually expect an exploit kit in the website’s content with the purpose of infecting the victim’s machine with malware. In these cases however, the Javascript inject often looked somewhat like the following:

This code is designed to run in the background of the victim’s browser and immediately starts an endless loop of intensive computations at full pace, effectively turning the browser into a hash-crunching mule for the sake of distributed mining of cryptocoins, with profits going directly to the hacker.

Continue reading


A new issue of our SWITCH Security Report is available!

Dear Reader!

A new issue of our bi-monthly SWITCH Security Report is available!

The topics covered in this report are:

  • Family business: Petya and its derivatives sweep over half the world as a new wave of ransomware
  • Pay a ransom for your privacy: new «extortionware» exposes its victims
  • Positive use of metadata – Cisco can detect malware activity even in encrypted network traffic
  • Successful strike against the darknet drug and weapons trade – security services bust AlphaBay and Hansa

The Security Report is available in both English and German.

»»  Download the english report.      »»  Download the german report.

Did you miss our previous Security Report? Click here to go to the archive.