Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Scaling the Root

An independent, third-party organization was selected to analyze the impact of scaling the root to meet the future needs currently on the horizon.

Currently the root zone is relatively small and changes slowly. This is expected to change with the support of DNSSEC, the addition of IDNs, support for IPv6 and the addition of new TLDs.

The study found that DNSSEC will have the largest impact on the root zone, and it suggests that DNSSEC be added prior to the addition of IDNs, IPv6 and new TLDs. While the addition of new TLDs will add 1 entry per new TLD, the implementation of DNSSEC results in an increase of the root zone data by 4.

Another way of looking at the impact of the changes is:

  • New TLDs and IDNs will increase the number of TLD entries in the root zone.
  • New TLDs, DNSSEC, IPv6 and IDNs will, each in their own right, increase the size of the root file.
  • DNSSEC, IDNs and IPv6 will increase the amount of data required for each TLD.
  • DNSSEC and IPv6 will increase the number of variables per TLD.
  • DNSSEC and IPv6 will increase the number of changes per TLD per year.


Security Just Got A Lot More Complicated

Security researchers have stumbled across a new form of malicious software that remained undiscovered for more than a year. Known as Induc, this innovative piece of malware performs its nasty business through the use of a compiler. Induc infects compiled code while leaving a program’s source code alone, so while the source code looks fine, the malware resides in the unreadable compiled code. Induc currently operates upon Delphi, versions 4.0 to 7.0. What makes this harmful is that the malicious code can reside in compiled code that has been digitally signed, since the source code has remained untouched.


Facebook app flaws create Trojan download risk

A Romanian hacker has discovered Facebook applications that have cross-site scripting vulnerabilities. Five applications developed by Newscloud have been found to have the vulnerability. At this point, access to the five applications has been blocked by Newscloud.


FCC chairman proposes Net neutrality rules

Net neutrality is “…not about government regulation of the Internet. It’s about fair rules of the road for companies that control access to the Internet,” says FCC Chairman Julius Genachowski.

An FCC panel is expected to vote in October on adopting the general guidelines as official commission rules.

The six principles that may be turned into official commission rules are:

1. “Accessing content. The first rule states that consumers should not be limited in the content they choose to view online, as long as it’s legal.”
2. “Using applications. Internet users should be able to run any application they want as long as they don’t exceed service plan limitations or harm the provider’s network.”
3. “Attaching personal devices. Consumers should be permitted to connect products they buy to their Internet connection, as long as the devices operate within the service plan and do not harm the network or enable theft of service.”
4. “Obtaining service plan information. Customers should be able to easily review their options when buying Internet service plans and learn about how those plans protect against spyware and other invasions of privacy.”
5. “New rule: Non-discrimination. Internet providers would be prohibited from selectively blocking or slowing Web content or applications.”
6. “New rule: Transparency. Providers would be required to make their network management practices clear and available to consumers.”


Tech Insight: How To Make Business Partner Security Work

In a study of 500 data breaches over the last 4 years, 57% involved partner networks used by an external attacker. Understanding what data partners need access to, and at what times, allows that access to be tightened, thus mitigating the damage from data breaches.
