Quad9 as a Tool to Fight Business Email Compromise
Business Email Compromise or BEC is not a new cybersecurity attack vector, but it is gaining more attention as it is becoming more common. The basic idea is that a scammer or con-artist uses deception to pretend to be a high-level official of an organization in order to compromise that organization or to otherwise profit. […]
What Does the IANA Transition Mean for Us?
When I first worked with TCP/IP and the ARPAnet, there was no DNS. When one wanted to connect to a computer by name, the system looked in a table called “HOSTS.TXT” to find the IP address corresponding to the name. The growing file had to be downloaded every few days from a “nearby” host that […]
Your BIND Server Probably Needs an Update
Years ago I wrote a class that included a long section on configuring DNS – the Domain Name System the Internet uses to “resolve” human-readable names into machine-processable IP addresses. I focused on explaining how to make it work. In a later security course I explained issues with DNS and how BIND 9 would fix […]
NTP Reflection and DDoS
Let’s say a company runs a promotion for a free can of soup. And let’s say that 1000 of your friends decide to send the soup company your address instead of theirs. You would likely get 1000 cans of soup! Now consider that 10,000 people decided to use your address for their free soup… Unless […]