DNS Insecurity

Paul Parisi

The Internet as we know it and use it today is broken, badly broken. So broken, in fact, that we are really crazy to have any expectation of privacy or security. Yes, really. The Internet was conceived as something of a utopian environment, one where we all keep our doors, windows and cars unlocked and trust all the people and machines out there to "do the right thing...". Because of the way the Internet started, we had neither a need for nor an expectation that the information flowing over it might require security; more extreme still, the mechanics of the Internet did not take security into account. This is not the fault of those who invented the Internet. It was not part of the design spec. Having said that, whose fault is our situation? It is the fault of those people who are using the Internet for commerce and for the exchange of and access to critical data. Suitability of design is one of the most important concepts. Recently at the checkout at Home Depot I saw a key ring that looked like a carabiner hook, but it very clearly said, stamped directly into the metal, "NOT FOR CLIMBING". The Internet (as it is today) should have very clearly stamped into it "NOT FOR PRIVACY OR COMMERCE, USE AT YOUR OWN RISK".

So let's talk a little bit about DNS. DNS is an amazing invention (born twenty-five years ago). It is the largest distributed dynamic database ever built, and it works day in and day out. It has scaled beyond any expectations. DNS has the somewhat simple task of converting human-readable domain and host names (e.g. www.amazon.com) into IP addresses (137.8.77.1). So what is wrong with it if it works so well? Specifically, it was not designed with security in mind. When you ask a question of a DNS server, you implicitly trust the answer it gives you. Malicious people can manipulate the system to give you bad answers, directing you to a bad site that could steal your data. DNSSEC attempts to fix this by helping to authenticate the source of the data you get. This helps but does not address all of the issues.
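The implicit trust described above can be seen in the DNS message format itself. The following is an added example, not code from the original post: it builds a query and applies the checks a non-validating stub resolver makes on a reply. The host name `www.example.com`, the 192.0.2.x documentation addresses and all function names are constructed for illustration.

```python
import struct

QR, AD = 0x8000, 0x0020  # header flag bits: "this is a response", "authentic data"

def encode_name(name):
    """Encode a host name as length-prefixed labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def build_query(txid, name):
    """Query for the A record of `name` (recursion desired)."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))  # QTYPE=A, QCLASS=IN

def build_response(txid, name, ip, ad=False):
    """Constructed sample response carrying a single A record, TTL 300."""
    flags = 0x8180 | (AD if ad else 0)  # QR + RD + RA
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)  # name ptr, A, IN, TTL, RDLENGTH
    return header + question + rr + bytes(int(o) for o in ip.split("."))

def accept(query, response):
    """Checks a non-validating stub applies: matching ID, QR set, question echoed."""
    (q_id,) = struct.unpack("!H", query[:2])
    r_id, flags = struct.unpack("!HH", response[:4])
    question = query[12:]
    if r_id != q_id or not flags & QR or response[12:12 + len(question)] != question:
        return None
    # Nothing above says who produced the A record; the address is taken as given.
    return {"address": ".".join(map(str, response[-4:])), "ad": bool(flags & AD)}

if __name__ == "__main__":
    q = build_query(0x1A2B, "www.example.com")
    for ip, ad in (("192.0.2.10", False), ("192.0.2.66", False), ("192.0.2.10", True)):
        print(ip, accept(q, build_response(0x1A2B, "www.example.com", ip, ad)))
```

Two replies that differ only in the address pass the same checks, which is the gap DNSSEC signatures are meant to close. The AD bit is set by an upstream validating resolver, so a stub that relies on it is still trusting that resolver and the path to it.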

Next time, what specifically is broken and how do we fix it…

By Paul Parisi, Chief Technology Officer at DNSstuff.com

Related topics: Cyberattack, Cybercrime, DNS, DNSSEC, Security
