[ksk-rollover] Any potential correlation between the roll over and the recent notice by the US Department of Homeland Security on DNS Cyber Attacks?
Lee Neubecker
lee.neubecker at greatlakesforensics.com
Fri Jan 25 19:31:49 UTC 2019
I wanted to make sure you were all aware of several notices issued which
came just before and after the root key change over for DNS. Bad actors
with access to the older private key root (if compromised) may have been
motivated to strike before the key change over.
https://www.cyberscoop.com/dhs-dns-directive-government-shutdown/
This alert went out the day before change over on January 10th, 2019.
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
This alert on January 22nd, 2019 https://cyber.dhs.gov/ed/19-01/
This alert was issued yesterday
https://www.us-cert.gov/ncas/alerts/AA19-024A
The timing of this change over taking place roughly 2+ weeks after the
U.S. Government Shutdown is a little unfortunate, since the switch over
date may have encouraged attacks before the old key was revoked. I do
think the re-key is a good idea, and agree with Tony Finch on the
concept of
"[I favour annual rollovers, with keys generated and promulgated out
of band a few years in advance, and at most two KSKs in the root zone at
any time.]"
I welcome any comments.
Lee Neubecker, CISSP
President & CEO
GreatLakesForensics.com
65 W. Jackson Blvd., Suite 101
Chicago, IL 60604
Toll Free/Fax: 888-503-0665
https://greatlakesforensics.com
Computer Forensics · Cyber Security Readiness & Response · Online
Identity Investigations
Check out my security blog at https://leeneubecker.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ksk-rollover/attachments/20190125/fa42c2c4/attachment.html>
More information about the ksk-rollover
mailing list