Security UpdateCategory: General News, Bugs / Virus
Posted: December 16, 2011 08:07AM
Instead of this post being a 'Viral Update' I’m making it a 'Security Update' because the focus is going to be less about viruses than previous updates.
A key part to the Internet is the Domain Name Server, DNS, which converts a domain name, like overclockersclub.com, into an IP address, 184.108.40.206. They are like phone books telling you where a company's building is by looking up the name. The content on a site is not always at a single IP address though. Continuing the phonebook analogy, the company warehouse could be in another city, but you don't necessarily see that from the phone book. This presents opportunities for hackers to intercept communications between a user and a server.
Since 2004 though, a part the Department of Homeland Security and its partners have been working on the Domain Name System Security Extensions (DNSSEC) project. This is to identify and validate these other servers. Already many registars have adopted DNSSEC and US military .mil sites are to be DNSSEC signed starting this month.
As a compliment to DNSSEC, OpenDNS, a leader in DNS security measures, has released its new DNSCrypt service as a "technology preview." Currently only available for Macs, this software will encrypt all of your DNS traffic. This is to prevent anyone from tampering with or otherwise intercepting communication between your computer and an OpenDNS server (obviously you will need to use its service to use the tool). This, so-called, "last mile" is quite vulnerable to man-in-the-middle attacks, especially as the information is sent in plain text, but both DNSSEC and DNSCrypt are steps towards securing it.