July 29, 2010

Internet Upgrade Could Combat Malicious Attacks

The Internet has received an upgrade that will help stop cyber criminals from using fake websites that trick people into downloading viruses or revealing personal data, according to a recent AFP report.

The agency in charge of managing Internet addresses teamed up with online security firm VeriSign and U.S. Department of Commerce to give websites encrypted identification to prove they are legitimate.

"This is, by any measure, an historic development," ICANN chief executive Rod Beckstrom said while breaking the news at a premier Black Hat computer security conference in Las Vegas on Wednesday.

"This security upgrade matters to everyone who uses a computer, and that means most of us."

The Domain Name System Security Extensions (DNSSEC) basically adds a secret, identifying code to each website address.

The domain name system is where the Internet addresses of the world are registered.  It plays a key role in enabling computers worldwide to speak to one another through the Internet.

According to Dan Kaminsky, a hacker turned computer security specialist, applications commonly used on the Internet can be tailored to essentially check the ID of a website to make certain it is what it claims to be.

"When a user receives an email from a bank they should know it came from a bank," Kaminsky said. "This is something we needed as engineers to make this a reality."

According to Beckstrom, Kaminsky revealed a structural flaw in the foundation of the Internet at Black Hat two years ago, which led to the "biggest structural" upgrade to the Internet in decades.

"I can't say I really knew what I was getting into when I broke that whole DNS thing," Kaminsky quipped as he took part in a press conference announcing the Internet improvement.

Kaminsky is chief scientist at New York start-up Recursion Ventures and worked with ICANN and VeriSign on the Internet upgrade.

Internet Engineering Task Force chairman Russ Housely said in a video call from a meeting of the group in Netherlands that engineers have been toiling on DNSSEC for 18 years, but technical and political obstacles stalled progress.

"It can be thought of as tamper-proof packaging for the domain name structure," Housely told AFP news.

"The whole Internet engineering community is excited by this development."

According to Kaminsky, it will take time for Internet firms to take advantage of DNSSEC and for it to be applied to local domains in every country.

"We are on Day One of a multi-year journey," Kaminsky said.

DNSSEC strips cyber criminals of being able to perform attacks that involve manipulating code to redirect people from legitimate websites to fake pages rigged with malicious code.

"This provides a high level of protection with minimal disruption," VeriSign chief executive Mark McLaughlin told AFP.

"It is not a panacea for everything, but it is a good start."


On the Net: