Sen. Ron Wyden (D-Ore.) on Capitol Hill in Washington on Dec. 19, 2017. (Carolyn Van Houten/The Washington Post)

Photo Credit: LuckyStep48, Getty Images

In the past few years, we’ve seen a radical shift from traditional paradigms in transactions. With the emergence of blockchain, decentralized peer-to-peer transactions have replaced typical financial arrangements and revolutionized the financial world. In a few short years, the landscape for financial institutions has radically changed. Yet, the surface has barely been scratched in the ways blockchains can disrupt other entrenched industries. Enterprises have two choices, adopt the blockchain or be left in the stone age. The question is, why should your security program be any different?

Come see the inventor himself, Paul Mockapetris, deliver the keynote presentation at NamesCon 2017:

Paul Mockapetris

[wpvideo bpjKUiwj]

Click here to read Senior Program Manager for Microsoft Dynamics, SDN, & DNS, Kumar Ashutosh’s technical summary of the DNS Capabilities available in Windows Server 2016 including DNS Policies, Response Rate Limiting (RRL), DANE Support, Unknown Record Types, IPv6 root hints, DNS Server on Nano and ThreatSTOP’s partnership to provide DNS Firewall security to block malicious domain access.

If you are a criminal and trying to steal things then breaking the law in other ways is unlikely to concern you. To me such a statement seems obvious, but apparently it isn’t – and I’m not just talking about cyber-criminals here.

Since the Internet is nearly out of IPv4 addresses, people are finally getting serious about using IPv6. As people start deploying IPv6 we will find new bugs and loopholes that crooks can exploit. Holes like this one that mean that a bot on a network could act as the "man in the middle" for everyone else nearby.

This is a follow up to the previous post where we noted the emergence of a new 'conficker'-like threat. Thanks to research by our colleagues at Shadowserver it looks like the threat is actually more closely related to the Waledac/Storm worm malware rather than conficker, however that does not stop us from blocking it.

Over the last couple of days we've seen an increasing number of outbound DNS queries to ip addresses on our block lists - principally to ones on the DShield 4000. Since the destination servers are frequently in China and the subscribers have little to do with China this looks unlikely to be genuine traffic. It is however somewhat suggestive of Conficker and other similar fastflux DNS malware which "call home" via a DNS lookup to some randomly generated subdomain of an otherwise apparently genuine domain. The DNS lookup resolves (usually) to a fastflux intermediary that communicates with the botmaster, The DNS server itself is generally not 'bad' per se but it will be under the control of the cyber crooks because they have to feed it the zone changes so frequently and this level of activity would raise a flag in any legitimate DNS hosting service.