The organization that oversees the Internet's unique identifier naming system has joined forces with the U.S. Department of Commerce and secure infrastructure specialist Verisign Inc. to try to make our online lives a little safer. The Internet Corporation for Assigned Names and Numbers (ICANN) has revealed that a solution has been found to a flaw in the security of the domain name system. The collaboration has announced the deployment of a new security extension to make sure that our website addressing requests are not hijacked by dishonest types looking to steal our savings.
The Internet's domain name system is like a huge virtual telephone directory for our online world. Each website has a unique Internet address to make sure that folks looking for a particular page are routed to the correct one and don't end up involuntarily playing the website equivalent of chatroulette. Billions of Internet users consult the system up to a trillion times every day; it takes our hyperlink clicks or what we type into a browser's address box, translates it into a website location and sends us to our desired destination.
A couple of years ago, online security specialist Dan Kaminsky made worldwide headlines after he discovered a flaw in the security of this system. The discovery highlighted two methods which could be used to hijack our page requests and redirect us to fake websites containing malicious code or allow criminals to pretend to be us.
Now a solution has been found and the collaboration of Internet interests has unveiled the deployment of a new security extension to domain names. The Domain Name System Security Extensions (DNSSEC) uses sophisticated public key cryptography to help protect users from two types of online attack.
Cache poisoning and man-in-the-middle attacks
Typing an address into a browser's URL box usually results in the requested website appearing moments later. The domain name system locally saves details of your request so that the next time it will be retrieved faster. However, if your request has been intercepted and diverted to a fake website, possibly containing hidden malicious code such as malware or spyware, then this cached data is considered poisoned.
When a criminal intercepts a one-to-one communication and then continues the thread masquerading as one of the parties, this is known as a man-in-the-middle attack. For example, if someone intercepted online contact with a bank and then pretended to be the customer long after the real one had logged out, then a severe shrinking of personal wealth could result.
DNSSEC to the rescue
Once fully deployed, the new system will simply allow Internet users to be certain that the website they have landed at is the real McCoy and not a fortune-stealing fake. It's not claimed to be a magic solution to all online ills but, according to ICANN's president Rod Beckstrom: "it will have a real and positive impact on the security of the Internet. This is one important step forward in the fight against cyber crime."
Readers interested in a more technical overview of exactly how DNSSEC works can visit DNSSEC.net or Root DNSSEC.