DNS has been in use on the Internet for more than 30 years — now it is time for its worldwide maintenance that shall, for the first time in the existence of DNS, require coordinated actions from all operators of DNS servers and DNSSEC validators.
On August 14, over 50 representatives of internet organizations met at the headquarters of DENIC, the German top-level domain registry, to attend the first ID4me summit. ID4me is the current name of the project, which was started last year under the name DomainID — I mentioned it briefly in my presentation at our last year’s conference IT 17.2. It was initiated by the .DE domain administrator, together with the major German registrar 1&1, and Open-Xchange, the operator of online collaboration tools. However, there are many other companies that are willing to support it, including the UK domain registry Nominet. The goals set by the project are quite familiar to us — reducing the number of passwords and registrations that people need while using the Internet. Like CZ.NIC with its mojeID project, the authors of ID4me have come to the conclusion that the domain world is just the place for an attempt to achieve these goals.
To those who want to test their Internet connection speed, there are several options available in the app store. An application for measuring high-speed Internet connection called Open Nettest was developed as part of the international project Open Crowdsourcing Data related to the Quality of Service of High-Speed Internet (MoQoS). Using this application, you can test the speed of connection provided by your mobile operator or the speed of connection through a wireless network.
Last month, the CZ.NIC Academy co-organized the second cyber camp for twenty children from Prague 9 Children and Youth Center.
Vulnerability of SOHO routers becomes a topic of analyses by various security organizations almost every week. The 2017 Symantec report shows a year-on-year increase in the number of attacks on IoT devices by 600%. The most vulnerable are unsecured routers, which often make it possible to gain easy access to each connected device. The April’s alert from the official US-CERT also tells us of the growing number of these attacks and their severity.
The new product of the Turris router series is called MOX and it is conceived as a modular system. A number of additional modules can be connected to the basic CPU of the MOX A module, allowing the users to use only the features they need, without the peripherals they have no use for yet. And, of course, they will be able to extend the entire router in the future as necessary. Modules marked with letters A through E are now in the prototype stage, i.e. launching, testing of individual functions, but also fine-tuning the production process and preparation for serial production of thousands of devices. In this article, you will find out what prototype production looks like.
We are releasing dns-collector, an entry part of our pipeline for monitoring of our DNS servers and analysis of the DNS traffic. Together with advanced analysis of the collected data, we can not only monitor the DNS traffic for urgent problems, but also detect and examine long-term trends and issues (e.g. misconfiguration of other servers). We have presented this system at the IT 15.2 conference (video and slides in Czech).
There is no doubt that high school students use information and communication technology just as commonly as a toothbrush. Unfortunately, when it comes to security, there is really room for improvement. This was confirmed by the National Final of the second Czech Cyber Security Competition among high schools.
The history of introducing the DNSSEC technology in the CZ domain goes back more than a decade, and there have been several important changes during its course. For example, let’s look at the year 2010, which was literally packed with events related to the introduction of DNSSEC. First of all, the root zone was signed in July and right afterwards, the first KSK rotation with the change of algorithm among the top-level domains took place in the CZ domain in August. After eight years, we are going to repeat this “combo”, only in reverse order. There is a delayed first rotation of the root zone KSK (without altering the algorithm) scheduled in October. And in June we will perform the already announced KSK key rotation in the CZ domain, again with the change of the algorithm. This time, however, we will use the ECDSA algorithm based on elliptic curves — as the first top-level domain administrator.
Our second crowdfunding campaign for Turris routers will end in a week. The first one for Turris Omnia ended up being a phenomenal success. That time we set our target amount to USD 100,000. In 60 days, we collected an incredible USD 875,000, which was — and still is — the second highest amount collected in Czech campaigns. That’s why we figured that in the case of MOX we definitely cannot stay too close to the ground in order to maintain our trustworthiness. Eventually, we set the target amount to USD 250,000, which, compared to Omnia, looks like a low figure, but it is actually quite ambitious. This campaign is different in two important respects: