Thursday, August 14, 2008

Critical security internet security risk ignored

Wired shares with us the story about why a critical internet security issue has so far not been addressed by the US agency responsible for it.

Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole

Despite a recent high-profile vulnerability that showed the net could be hacked in minutes, the domain name system -- a key internet infrastructure -- continues to suffer from a serious security weakness, thanks to bureaucratic inertia at the U.S. government agency in charge, security experts say.

If the complicated politics of internet governance continue to get in the way of upgrading the security of the net's core technology, the internet could turn into a carnival house of mirrors, where no URL or e-mail address could be trusted to be genuine, according to Bill Woodcock, research director at the nonprofit Packet Clearing House

DNS stands for Domain Name System, and is one of the key components of our daily usages of the internet. Simply put, it's the system that translates the domain names we enter in the browser into what server we need to go to - it can be viewed as a phonebook for the internet which the browsers use to call correctly (for a more technical explanation, see Wikipedia's article on DNS).

The recently found flaw allows hackers to insert false information into the DNS, sending all traffic to a given site to the wrong place, allowing much more advanced, and undetectable, phishing than currently possible.

There is a solution to the problem, but due to bureaucracy, it hasn't been implemented yet. According to the Wired article, this is at least partially because the solution is perceived as reducing US influence on the internet. If that's the case, then it's totally irresponsible, and a major argument why a pan-national organization should take over running these things.

Labels: , , ,


Post a Comment

<< Home