Analytics
6/23/2014
01:50 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DNS Pioneer Founds New Security Startup

Paul Vixie launches Farsight Security, aimed at catching domain abuse early in the lifecycle.

Farsight Security today came out of stealth mode with a service that spots potentially malicious new domain names as a way to fight spam and cybercrime activity.

At the helm is DNS pioneer Paul Vixie, the principal author of the pervasive BIND DNS server software and creator of several DNS standards. This is Vixie's first commercial gig after nearly 20 years as founder, chairman, and president of the nonprofit Internet Systems Consortium.

Farsight Security's first offering, also announced today, is Newly Observed Domains (NOD), which provides real-time contextual intelligence about newly created domain names for reputation and threat feeds such as indicators of compromise, whitelists, and blacklists.

"There's no tool on the market for that," Vixie says. The goal of NOD and Farsight's strategy is to make threat intelligence more useful and actionable, according to Vixie.

Tens of thousands of domains are born daily, many of which are for spamming or cyber criminals' infrastructure. According to Farsight, 10% of spam uses domains that are less than 10 minutes old, and the bad guys are regularly registering new domain names to keep their operations up and running and out of reach by law enforcement.

"60% of spammers used domain names that are less than 24 hours old," Vixie says.

"Too many [vendors] are selling threat intelligence feeds... and they are not working," he says. "We’re trying to change the game... We sell context so people can make their own determinations and make [decisions] reliably. We have eyeballs on the ground: this is what we saw, this is what we know."

"I spent most of the 1980s and 1990s making the Internet bigger and easier to use, but unfortunately, the criminals came along for the ride," Vixie says. "We're looking at a day we can tear down criminal infrastructure as fast or faster than it's built."

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/23/2014 | 7:14:17 PM
Re: Great Thinking
@Robert McDougal

While I love the idea of Paul being an uber-lord of the Internet, I wonder how much whois information is actually available to private, non-government parties? Now, I've seen scripts that comb whois records, and for those that are private, tries matches through Google searches of like info (users with emails matching the info@ or admin@ of the domain), etc. Essentially a hack to pull as much information together with what is already out there as possible toward identifying the registrar and populating a database.  Hard to imagine a private party can get much more detailed information legally, unless Mr. Vixie is tied into PRISM... :-)
Robert McDougal
50%
50%
Robert McDougal,
User Rank: Ninja
6/23/2014 | 6:57:53 PM
Re: Great Thinking
This is awesome!  I imagine Mr. Vixie is leveraging his contacts within the domain registrars to pull this off.  I'm not sure if an average startup company could have provided this service.  Maybe I am wrong but to be able to access that information so quickly I would assume he would need access to information only available to the domain registrars.
Kelly Jackson Higgins
100%
0%
Kelly Jackson Higgins,
User Rank: Strategist
6/23/2014 | 4:16:45 PM
Re: Great Thinking
What's interesting here is focusing on newly created domains and trying to stop them from getting established by the bad guys so quickly. And it's cool that DNS mavens Vixie and Mockapetris are behind this venture.
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
6/23/2014 | 3:54:34 PM
"Criminals came along for the rid"
Great quote: "I spent most of the 1980s and 1990s making the Internet bigger and easier to use, but unfortunately, the criminals came along for the ride," 
Christian Bryant
50%
50%
Christian Bryant,
User Rank: Ninja
6/23/2014 | 3:31:12 PM
Great Thinking
Kudos, Mr. Vixie. "We're looking at a day we can tear down criminal infrastructure as fast or faster than it's built." This is a great way of thinking and hopefully one we can propagate across organizations.  Creating a database from this activity will help law enforcement and others in the cyber security industry work more efficiently with access to historic criminal domain activity.  Of course, as soon as this gets underway, the "dark side" will respond, but I assume Farsight processes and technology are designed to be as malleable as the cyber criminals are... 
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?