During the development of the DNS Knot Resolver, CZ.NIC Labs have managed to reveal a security flaw that makes it possible to bypass DNSSEC security on F5 load balancers and cause denial of service. These products are being used, for example, in some internet banking applications, including those of Czech banks and public authorities. From the perspective of a user attempting to access an internet banking service, a successful attack exploiting this error would manifest in the browser suddenly reporting an “address not found” error and the service becoming unavailable.
The CZ.NIC Association joined the campaign – Family Offline Week with the subtitle “We are not afraid to be offline together“, which will be held this year from May 11 to May 19, 2019. The purpose of the 4th year of the campaign is not only to celebrate the International Family Day, on May 15, but above all to think about the excessive use of digital technology. The uncontrolled use of mobile phones, tablets and computers not only causes health problems but also worsens interpersonal relationships. Children from early age play with tablets and mobiles, often losing social contact with their peers.
In March, a delegation of experts from five different organizations focused on child safety on the Internet and personal data protection from Bosnia and Herzegovina visited our Association.
The CZ.NIC Association used the Safer Internet Day to introduce its new project, aimed at children´s safety online. The CZ.NIC Association acts as a coordinator of the project that started on 1 January 2019, another partner is the Safety Line, ensuring the operation of a helpline. CZ.NIC will continue operating the Czech national hot-line STOPonline.cz, which received a record number of reports last year.
Today, I would like to go back to the topic I brought up in my earlier blog post. At that time, I was horribly angry at the administrators of photo sharing servers. I was angry at the absence of better mechanisms to check the photos people upload. Why don’t they have a person who would take a look at them? Why don’t the make the albums private by default? I could go on, but after almost two years of what seemed like fighting windmills, I have realized one thing. It’s not the administrators’ or providers’ fault — everyone is responsible for their own actions.
Vulnerability of SOHO routers becomes a topic of analyses by various security organizations almost every week. The 2017 Symantec report shows a year-on-year increase in the number of attacks on IoT devices by 600%. The most vulnerable are unsecured routers, which often make it possible to gain easy access to each connected device. The April’s alert from the official US-CERT also tells us of the growing number of these attacks and their severity.
There is no doubt that high school students use information and communication technology just as commonly as a toothbrush. Unfortunately, when it comes to security, there is really room for improvement. This was confirmed by the National Final of the second Czech Cyber Security Competition among high schools.
We launched the campaign for Turris MOX – modular and open source router. As modularity is something new in this field, some users are quite confused and don’t know what should they pick. This article is here to help you a little bit decide which combination is the right one for you and help you understand why would you actually want modularity.
Over past years, various DNS software developers tried to solve the problems with the interoperability of the DNS protocol and especially its EDNS extension (RFC 6891 standard), by temporary workarounds, which aimed to lend their software an ability to temporarily accept various non-standard behaviors. Unfortunately, time has shown that this attitude of adding temporary workarounds is not a long-term solution, especially because the implementations not fully complying with standards were seemingly functional and there was no reason for a permanent fix. The result of these makeshift solutions is their accumulation in the DNS software, leading to a situation where there are so many of them that they themselves begin to cause problems. The most obvious problem is slower response to DNS queries and the impossibility to deploy new DNS protocol feature called DNS Cookies, which would help reduce DDoS attacks based on DNS protocol abuse.
Czech children under age 13 who use Facebook or Instagram are less than four months away from becoming lawbreakers. What makes the situation even worse is the fact that unless a law is passed by this May that would set the threshold for the use of social networking services to 13 years, from that point their use, along with other services, will become illegal for every person aged from 13 to 16 who does not obtain consent of their parents. This issue has already been addressed in our blog by our colleague Jiří Průša. But let’s go deeper.