dnssec
Latest
Internet gatekeeper warns of 'ongoing and significant' DNS attacks
If you ask one key organization, part of the internet's very backbone is under assault. ICANN, the company vital to managing many internet addresses, has warned of "ongoing and significant" risks to the Domain Name System infrastructure. There have been escalating reports of attacks on DNS, ICANN said, including hijacking attempts that point domain visitors to rogue servers. Some of these appear to have been state-sponsored attacks from Iran, while others have targeted the US as well as friendlier countries like Lebanon and the UAE.
Nominet proposes more secure .UK domain for British websites
Nominet is considering a .uk internet domain for users who can't bear to type the extra three characters necessary for .co.uk. The body is lobbying for the new domain in time for ICANN's next TLD expansion, which includes new entries like .shop, .play and .home. Nominet has promised tough entry requirements for the system, with only businesses (or persons) that can prove a UK presence being eligible to register. It'll also be around four times more expensive, with the extra charges going to pay for daily malware scanning to prevent domain spoofing and a donation to a trust to improve web security. If you're an interested party, you can offer your tuppence-worth at the organization's official public consultation which runs until January 7th 2013.
Comcast network upgrade blocks DNS blocking, could make SOPA self-incompatible
Now here's a quirky twist in the ongoing SOPA opera. Comcast has just deployed DNSSEC technology across its entire internet service, which adds an extra layer of security to websites by checking that they have a special DNS signature to prove their identity. All well and good, except that in the process Comcast has been forced to admit that DNSSEC is "technically incompatible" with DNS redirect tools -- which happen to be precisely the tools that the Stop Online Piracy Act would use to block websites accused of copyright violation. The irony only deepens when you realize that Comcast is a major proponent of SOPA and, if anything, ought to be able to comply with its future edicts.
The SOPAbox: Defeating online piracy by destroying the internet
Disclaimer: The Soapbox column is entirely the opinion of this week's writer and does not necessarily reflect the views of Massively as a whole. If you're afraid of opinions other than your own, you might want to skip this column. Unless you've been living under a rock, chances are you've heard of SOPA and PIPA. The Stop Online Piracy Act and PROTECT IP Act are two radical pieces of copyright legislation currently being pushed through the US government. Although the stated intent of the new legislation is to provide companies with additional tools with which to combat piracy, the bill's loose wording has raised some serious alarm bells. Opponents to the proposed law say it would give corporations the ability to shut down any almost any website under the guise of protecting copyright infringement. Gamers will be affected worst of all, as the loose wording of the law makes any website with user-submitted content potentially vulnerable to a shut down order. That could include YouTube, Facebook, Twitter, any blog with a comment section, or even any online game with a chat system. Perhaps the scariest part is that you'll be affected even if you're not in the US, as one of the new law's enforcement mechanisms is to remove a site from the DNS records, a move that assumes the US has jurisdiction over the global Domain Name System. AOL is among many huge companies strongly opposing SOPA, and so naturally Massively opposes it too. In this week's massive two-page Soapbox, I make the case for why you should be worried about SOPA, and I suggest what can be done to tackle piracy in the games industry. Comments can be left on page two.
Seven physical keys serve as the internet's horcrux
The internet may not have a kill switch, but there really are a set of keys, developed by ICANN in case of digital catastrophe. Seven keyholders across the world hold smart cards like the ones you see above, each with a piece of the DNSSEC's recovery key. What's that, you say? We're glad you asked -- DNSSEC's an initiative to make sure websites are who they say. To do that, it needs a way of authenticating domain names with a cryptographic master key, and a replacement copy of that key is the item these individuals are safeguarding. Even banded together, the individuals have no power over the internet at large -- the tokens simply allow the world to reboot the authentication system in case ICANN's two facilities happen to simultaneously go down. Policies and procedures dictating how this all works sadly include neither demonic keymasters nor secret societies, but you're welcome to hit up our more coverage link for the deep dive.
