links posted by afilias
Updated: 1 hour 17 min ago
While it’s tempting to blame open resolvers for the SpamHaus attack and end the discussion, that paints an inaccurate picture. Open resolvers make for an easy target, but they can be managed properly — as, for example, Google does — and made to comply with the best practices set forth in the IETF’s Domain Name System Operations Working Group paper, “Preventing Use of Recursive Nameservers in Reflector Attacks.” That said, Domain Name Servers provide an ideal system for the type of attack directed at SpamHaus. That’s because the accepted paradigm is that when a query comes in to a Domain Name Server, it’s responded to in good faith, according to the query’s stated point of origin. After all, a good citizen would give directions to someone who asked for them.
Roland LaPlante, CMO of Afilias, said, “Our research shows consumers are unaware that these changes are coming and would avoid the new gTLDs due to their unfamiliarity. However, the new gTLDs offer consumers great benefits, such as reducing the risk of purchasing counterfeit goods online…Education is also needed to ensure the growth and support of IDNs. British and American consumers should understand that if a domain name isn’t written in a script they readily recognize, it doesn’t mean the site is dangerous.”
First, businesses should ensure that its main website address is the central location for all digital assets. Diverting an online audience to other channels, whether it’s a Facebook page or Twitter handle, effectively reroutes them to another company and dilutes a business’s own online brand presence. While a social media presence is essential, every brand needs its own unique home that can be completely controlled by the company’s brand management and where customers cannot be tracked or otherwise exploited by a third party. Additionally, with Forrester predicting that mobile commerce is set to quadruple to $31 billion in the next five years, preparing for the m-commerce boom is essential for competing in the new online environment. Consumers now expect a seamless online experience, regardless of the type of device used to access a business’s website. To that end, businesses must ensure that existing websites are optimized for mobile viewing.
ning on to the newly formed Internet advocacy coalition. It’s the first registry to sync up with i2Coalition, and the announcement comes as ICANN’s 46th public meeting launches in Beijing this week. Tech observers are keeping a close eye on that meet-up, as ICANN’s implementation of new generic top-level domains is set for less than three weeks away — undoubtedly highlighting some key public policy issues that groups like i2 will be acting on.
“The advent of new gTLDs coming over the months ahead will result in major changes to the internet,” said Roland LaPlante, chief marketing officer at Afilias. “Some of the world’s best-known companies will roll out a dot brand extension but our research shows consumers are unaware that these changes are coming and would avoid the new gTLDs due to their unfamiliarity. However, they offer consumers great benefits, such as reducing the risk of purchasing counterfeit goods online."
Online applications, for years now, have been beholden to certification authorities — third-party entities that ensure a server holds a specific private key and publishes the corresponding public key. To make sure that your application is secure, you have to get your certificate authorized and recognized as secure. Many large institutions and government entities have their own certification authority, and some providers issue digital certificates at no cost. However, most commercial certification authorities charge for certificates that are automatically trusted by most Web browsers. The more ubiquitous a particular certification authority is, the greater the number of Web browsers, devices and applications that trust it.
“Source address validation guarantees spoofing cannot happen,” said Afilias CTO Ram Mohan. “We have been exhorting the community to implement it promptly. This ensures that a resolver first determines a source address is valid before it sends back responses.” The onus lies with ISPs to find a business reason to do so on their respective infrastructures, said Jim Galvin, director of strategic relationships and technical standards at Afilias, which has source address validation implemented across its DNS infrastructure. By implementing source address validation, an ISP would then allow only traffic from its IP ranges to make DNS requests, making IP spoofing a moot point.
Aussagekräftige Web-Adressen sind ein wertvolles Gut, trotz Suchmaschinen und Sozialen Netzwerken. „Die Verbraucher nutzen vielleicht Facebook statt einer eigenen Website, aber für Unternehmen sind Web-Adressen ein Anker im Netz“, sagt Jonathan Robinson vom Internet-Dienstleister Afilias, der rund um die Vermarktung von Domains ein Geschäft aufgebaut hat. Anders gesagt: Wer sich einen markanten Namen gesichert hat, ist nicht so stark auf Google angewiesen. Denn einprägsame Adressen geben viele Nutzer direkt ein und nicht erst in eine Suchmaschine.
"Our research shows a majority of consumers are unaware that these changes are coming," a recent report by registry and DNS provider Afilias noted. "And once users hear about them, they would likely avoid the new extensions due to their unfamiliarity." "Old habits die hard. [Our] research shows consumer are currently reluctant to experiment with new TLDs," the Afilias report reads. (Afilias should know: the company launched with the .info domain registry in 2001.) "Confidence in 'heritage' domains has been built over many years and dot brands have tough shoes to fill."
To grab someone’s attention about security, people sometimes use fear. And fear works. But you can cry wolf one too many times and lose credibility thereafter. There are other ways to present security that don’t focus on apocalyptic scenarios but rather remain faithful to the fact that security is, more than anything, insurance. It protects what can be a company’s most valuable asset: its online presence.
“I think it’s great that Google is getting involved and supporting validation for DNSSEC; it’s a terrific move forward,” said Ram Mohan, CTO at Afilias, a managed DNS provider and registry service. “It further establishes DNSSEC going mainstream. It used to be a technology running the risk of becoming isolated. Now it’s much more of a mainstream technology.”
Ram Mohan explained that while DNSSEC does not solve every Internet-based security issue, it does offer a more advanced level of user security for directory look-ups than is currently in use. “For example, DNSSEC can ensure that a Web browser knows where to find the site you are trying to reach,” Mohan explained. “Browsers can employ this information to help protect users from phishing attacks and from being hijacked. Although browsers don't use DNSSEC in this way today, they easily could (and probably should.) Although you can still be hijacked and your site could still be the victim of phishing attacks, including DNSSEC in an overall security strategy will help to mitigate the risk to users.” Mohan also suggested that DNSSEC complements other security technologies and provides a platform for yet-to-be-developed innovations.