A report from one of the Internet Corporation for Assigned Names and Numbers (ICANN) own advisory committee cast doubt on the internal security of new generic Top Level Domains (gTLD) set to go into effect later this year.
ICANN is a private corporation responsible for assigning unique names to Internet addresses and for the stability of the Internet by maintaining one of thirteen root Domain Name Servers operating in the world. In 2011, ICANN announced the creation of generic Top Level Domains (gTLD) which would allow Amazon, for example, to use the gTLD "book" thus Amazon.book would be a potential URL. ICANN's Security and Stability Advisory Committee (SSAC) "advises the ICANN community and Board on matters relating to the security and integrity of the Internet's naming and address allocation systems," and in a new report finds the gTLDs would break the internal certificate structure already in place. To continue with the above example, certificates vouching for the veracity of Amazon.com would not recognize Amazon.book. There are at least 157 certificate authorities (CAs) in the world that issue internal name certificates, with potentially many hundreds of others providing similar resources for in-house corporate use.Read More
Black Hat founder Jeff Moss, in his opening remarks at the 15th Annual Black Hat Briefings in Las Vegas, attacking your attackers in court is a better way.Read More