The DNS TXT resource record is the one that without doubt provide users with the most flexibility of content, as it is a largely unstructured. Although it might be the ideal basis for storing any form of text-based information, it also poses a security threat, as TXT records can also be used for malicious and unintended practices. Yet, we reckon that TXT records are often overlooked in security research. In this paper, we present the first structured study of the uses of TXT records, with a specific focus on security implications.

The possibility to include Unicode characters in domain names allows users to deal with domains in their regional languages. This is done by introducing Internationalized Domain Names (IDN). However, the visual similarity between different Unicode characters - called homoglyphs - is a potential security threat, as visually similar domain names are often used in phishing attacks. Timely detection of suspicious homograph domain names is an important step towards preventing sophisticated attacks, since this can prevent unaware users to access those homograph domains that actually carry malicious content.

The fourth publication for the TIDE project. The FIRST talk (see here) has been extended into a journal paper for Digital Threats: Research and Practice (DTRAP). In this paper we argue that we, as a security community, should move towards proactive security. However, we shed light on both sides of the coin. We think the ‘optimal’ way is to combine the reactive and proactive methods, to make use of the best of both worlds.

If you know me in real life you might know that I am a Star Wars fan (my nickname is a hint…). Couple of days ago I stumbled across a nice video. In this YouTube video David Welch explains in great detail how the editing team of Star Wars saved the movie. I never knew how much difference was between what was actually shot and how we know the film today.

As of August the 30th I may call myself a Master of Science (MSc.). At that date I have successfully defended my thesis titled “Combating Snowshoe Spam with Fire”. People have often asked if ‘Fire’ is some kind of an acronym, it ain’t 😉 In the thesis we detail how DNS configurations may be used to track down snowshoe spam domains. Snowshoe spam spreads out the sending over a great number of hosts to reduce the volume per host, making the individual hosts harder to detect and blacklist.