Swedish hosting provider Binero has announced that it has DNSSEC-signed all of its customers’ .se domains. This brings the total amount of signed .se domains to more than 100,000 from the previous total of 5,000.

“Nearly one in ten Swedish domains are now validated against attacks with manipulated dns-information, like phishing,” Binero’s press release said.

It’s hard to find any worldwide numbers to compare to but ICANN reported yesterday that 88 TLDs (Top-Level Domains) are DNSSEC signed.

But what is DNSSEC (Domain Name System Security Extensions) and why should you care whether your domains are signed with it or not?

Read more

As 2011 draws to a close we wanted to take a look at computer and information security in the twelve months that have passed.

What will probably stick in most people’s minds is the Sony PlayStation Network and Qriocity hack, which resulted in an outage lasting 23 days. In other developments, hacktivist groups like Anonymous and LulzSec took to social media to further their causes, and mobile malware got more attention than ever before.

All in all, there’s no doubt that 2011 was a very busy year for IT security professionals.

Read more

DNS, the Domain Name System, is one of the major pillars of the Internet. It’s a critical service, and without it we would all have to use IP addresses instead of handy domain names like “Pingdom.com” when we want to visit websites, send emails, and so on.

However, DNS has a huge flaw. Because DNS lacks security features it has been relatively easy for hackers to trick DNS servers with false information. By tricking DNS servers, hackers have been able to hijack entire websites. Needless to say, attacks such as these are a security nightmare and can be used for a large variety of malicious purposes such as site defacement, phishing, malware installations, and more.

Read more

Apple’s iPhone has been a massive success in the consumer smartphone sector. But can it mount a serious challenge to phones such as Research in Motion’s Blackberry in the business marketplace? It can, providing Apple is willing to make some changes.

Read more

It seems like every month there is some kind of news story about leaked emails. When emails never intended for the public eye are leaked, the consequences can be huge. People have lost their jobs, whole companies have been embarrassed, and in some cases the information revealed can even be dangerous.

Considering how easily emails can be leaked, it’s almost surprising we don’t hear about leaks more often. Here are a few famous examples of leaked emails and what their consequences were.

Read more

URL shortening services have been around for a long time (TinyURL started back in 2002) but it wasn’t until Twitter started gaining momentum that they became widely popular. Now we have a TON of them, including the original TinyURL, Bit.ly, Is.gd, and many, many more.

We have all placed an enormous amount of trust in these services by using them to such a large extent. They offer a legitimate, highly useful service, but we should at least be aware of the flip side of the coin.

Read more

Financial Times just published an article about the “secret war on web crooks.” The article contains several interesting tidbits of information about spam and the challenges of trying to prevent it.

Read more

The Conficker virus was supposed to start working its sinister magic on April 1. Were people really worried? Sure looks like it.

Read more

Last week the BitTorrent site Mininova was hit by a large-scale DDoS attack that caused a total of 14 hours of downtime. Regardless of what you think about torrent sites, this was an interesting example of how a website can be incapacitated by a DDoS attack.

We chose this example to illustrate the effect of a DDoS attack because Mininova shared some relevant information about the attack, especially a very telling traffic graph from their Internet connection. This coupled with some Pingdom monitoring data gave us a chance to look closely at the effects of a DDoS attack.

Read more

This week Netcraft reported that there are now 1 million websites with valid SSL certificates on the Web. Only certificates issued by trusted third parties were included in this number.

In a study by Venafi from 2007 (referenced here), 18% of the Fortune 1000 websites had expired SSL certificates. If that ratio still holds true, and holds true for the rest of the Web as well, it means that in addition to the 1 million websites with valid SSL certificates there are 219,000 websites with expired SSL certificates.

Read more