Day two of Domain Pulse 2008 last Friday (see review of day one) focused on online security issues giving the techies amongst us details of security issues, and the more policy-orientated amongst us something to chew on in a few other presentations. Kieren McCarthy, these days of ICANN, also gave some insights into the drawn out sex.com drama with more twists and turns than the average soap opera has in a year! And Randy Bush outlined the problems with IPv6. Among other presentations… More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

The Internet Governance Project has unearthed a consultancy report to the U.S. Department of Homeland Security (DHS) that makes it clear that the issue of root signing and DNSSEC key management has been recognized as a political issue within the US government for long time. More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

After looking at the state of DNSSEC in some detail a little over a year ago in 2006, I’ve been intending to come back to DNSSEC to see if anything has changed, for better or worse, in the intervening period… To recap, DNSSEC is an approach to adding some “security” into the DNS. The underlying motivation here is that the DNS represents a rather obvious gaping hole in the overall security picture of the Internet, although it is by no means the only rather significant vulnerability in the entire system. One of the more effective methods of a convert attack in this space is to attack at the level of the DNS by inserting fake responses in place of the actual DNS response. More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

According to a recent Dark Reading report, security experts say the overall lack of DNSSec adoption today is due to the standard’s inherent complexity, which has kept it off the radar screen for most organizations. From the report: And much of the knowledge gap in DNS security is for administrative reasons, security analysts say. “DNS is a black art, and few have the skills and resources to do it well,” says Robert Whiteley, Forrester Research. “And no one group consistently ‘owns’ it — applications, networking, and server teams often own pieces of it, and it doesn’t receive appropriate funding because it’s a shared asset.” More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

I was talking to my good friend Verner Entwhistle the other day when he suddenly turned to me and said “I don’t think we need DNSSEC”. Sharp intake of breath. Transpired after a long and involved discussion his case boiled down to four points: 1. SSL provides known and trusted security, DNSSEC is superfluous, 2. DNSSEC is complex and potentially prone to errors, 3. DNSSEC makes DoS attacks worse, 4. DNSSEC does not solve the last mile problem. Let’s take them one at a time… More…

Original post by submitnews@thewhir.com and software by Elliott Back

The Internet is slowly inching closer to ratcheting up the security of its Domain Name System (DNS) server architecture: The Internet Corporation for Assigned Names and Numbers (ICANN ) plans to go operational with DNSSEC later this year in one of its domains. More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

Two US Government contractors and the National Institute of Science and Technology have released a white paper, “Statement of Needed Internet Capability,” detailing possible alternatives and considerations for a Trust Anchor Repository (TAR) to support DNSSEC deployment. The document was released through the DNSSEC-Deployment Group this week with a request that it be circulated as widely as possible to gather feedback. A Trust Anchor Repository (TAR) refers to the concept of a DNS resource record store that contains secure entry point keys… More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

A fundamental flaw in the design of the Domain Name System (DNS) was found earlier this year by security researcher Dan Kaminsky, renowned Internet Security expert. Researchers say they will fully describe the vulnerability in 30 days, after companies that operate web sites or Internet service providers can put the patches in place. The flaw is big enough that Kaminsky and other companies involved brought in government agencies such as the Department of Homeland Security and the U.S. Computer Emergency Response Team. Until the announcement today, experts had been quietly working of coordinating a massive patch affecting all types DNS implementation. Experts emphasized during the press conference today that the flaw is within the DNS protocol and in no way specific to any particular vendor. A DNS checker tool is available on Kaminsky’s website located on the top right hand corner. More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

Wow. It’s out. It’s finally, finally out… So there’s a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes…somewhere. Not where it was supposed to… I’m pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn’t get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely. It was a good day… More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back

A request by .ORG, The Public Interest Registry to bolster Internet security via the implementation of Domain Name Security Extensions (DNSSEC) was unanimously approved by ICANN at the recent Paris meeting. As the first generic Top Level Domain authorized to implement DNSSEC, .ORG also is preparing an education and adoption plan within the Internet infrastructure community. More…

Original post by submitnews@thewhir.com (Web Hosting’s Premier Daily News) and software by Elliott Back