Little bit of history
Apart from operating .CZ top level domain, CZ.NIC does a lot of other interesting things contributing to the common good. Part of it is running Czech national CSIRT team, doing security research and raising awareness about potential security issues. As part of our security research, we started wondering a long time ago how much are the average Joes and Janes attacked, by who and how. People that are just connected to the internet, run no public service and are just consumers. If only there was some kind of probe that would allow us to see what is going on there…
At the end of November last year awesome crew from AT&T organized a hackathon about various aspects of smart technology. They have a long tradition in organizing those and they are really good at it. We spoke at various conferences with them and they asked us whether we would be interested in joining as we have interesting hardware to lend contestants and also developers skilled in various areas that could help the attendees to overcome various issues. We jumped on board right a way!
DNS is one of the critical services necessary for proper operation of the Internet. Also it is often a target of various cyber attacks. Considering this fact, operators of authoritative DNS servers require robust solutions offering enough performance for regular DNS traffic and resisting possible attacks against this service. That is the reason why we focus, besides other aspects, on the performance during development of our authoritative DNS server Knot DNS. Benchmarking is an inseparable part of the project and we have been exploring various ways of further performance growth. Recently we had a great opportunity to play with the epic 128-thread processor AMD EPYC 7702P. In this blog post I will share some results from its benchmarking.
What has led the fifteen-year-old good boy Martin, “Marty”, to filming himself with his phone in situations that give you chills? Did he have to die for his parents to find out about the anxious feelings and horrific moments he had experienced before his death? Was he really a pathological freak or a victim of systematic blackmailing?
Last month, at the invitation of my colleagues from the Polish Safer Internet Center, I attended the conference “Keeping Children and Young People Safe Online”. One of the main themes of this event was how the digital world, together with IoT (Internet of Things) affects our lives. I have heard many interesting contributions and discussions, which made me think about the topic again, summarize the findings and add my personal insights and recommendations.
In September this year, the Czech Safer Internet Centre (CZ.NIC), in cooperation with the National Cyber and Information Security Authority, presented an online course called Digital Footprint, intended primarily for children aged 10-13. This interactive game focuses on Internet privacy and associated socio-pathological phenomena such as personal data abuse, sexting, digital privacy or cyberbullying.
Once upon a time, in a company far, far away, they build a bike shed. The actual bike shed. Surprisingly without any bike-shedding. But then they were wondering how to give access to all the cyclists to the yard bike shed was build on. It was not a highly secured area, but still, it was behind gates so no stray dogs or stray cars could enter. They already had a remote-controlled gate via special key fob. But those were expensive, required some tracking, it took quite some time to order a new one and in general there was quite some overhead managing them.
IoT or Internet of Things is a real hype nowadays. Everybody is talking about it and everybody is doing it. Especially companies producing various electronic devices like light bulbs, electric switches, thermometers, scales, CCTV and such. Everything can be smart – even your toilet. All you need to do is to measure something or replace the manual switch with electronic one and connect it to Bluetooth, Zigbee, ZWave or even WiFi and you have a smart device that people will pay a hefty price for. But there are some issues (apart from the obvious one that not all those devices make sense).
During the development of the DNS Knot Resolver, CZ.NIC Labs have managed to reveal a security flaw that makes it possible to bypass DNSSEC security on F5 load balancers and cause denial of service. These products are being used, for example, in some internet banking applications, including those of Czech banks and public authorities. From the perspective of a user attempting to access an internet banking service, a successful attack exploiting this error would manifest in the browser suddenly reporting an “address not found” error and the service becoming unavailable.