[ISN] Feds Start Moving on Net Security Hole

From: InfoSec News <alerts_at_private>
Date: Thu, 9 Oct 2008 03:01:15 -0500 (CDT)

By Ryan Singel 
Threat Level
October 08, 2008

Starting Thursday morning, the U.S. government is seeking comment on who 
should create and vouch for the internet's most crucial document -- the 
root zone file -- that serves as the cornerstone of the system that lets 
users get to websites and emails find their way to inboxes.

The non-profit ICANN, the for-profit Verisign and the Commerce 
Department's National Telecommunications and Information Administration 
all have different answers to what is a long-standing and 
geopolitically charged internet governance question.

But the only thing that matters for the security of the internet is the 
speed with which they answer the question, according to domain-name 
system expert Paul Vixie.

"We've got to get the root signed, it does not matter by whom," Vixie 
said by e-mail. "It's necessary simply that it be done, by someone, and 
that we stop anyone from arguing about whether letting someone hold the 
root key would make them king."

At issue is a massive net security hole that security researcher Dan 
Kaminsky discovered in early 2008 and that was temporarily patched in 
July. If not given a complete fix soon, the vulnerability could allow so 
much net fraud that it would strip internet users of all trust that any 
website they were visiting is the genuine article, experts say.

The only known complete fix is DNSSEC -- a set of security extensions 
for name servers. (That said, there are other effective defenses and 
OpenDNS, for one, protects users now.)


Received on Thu Oct 09 2008 - 01:01:15 PDT
