Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
Security United States

Feds Tighten DNS Security On .Gov 140

Posted by CmdrTaco from the totally-safe-we-promise dept.
alphadogg writes "When you file your taxes online, you want to be sure that the Web site you visit — www.irs.gov — is operated by the Internal Revenue Service and not a scam artist. By the end of next year, you can be confident that every U.S. government Web page is being served up by the appropriate agency. That's because the feds have launched the largest-ever rollout of a new authentication mechanism for the Internet's DNS. All federal agencies are deploying DNS Security Extensions (DNSSEC) on the .gov top-level domain, and some expect that once that rollout is complete, banks and other businesses might be encouraged to follow suit for their sites. DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption."
This discussion has been archived. No new comments can be posted.

Feds Tighten DNS Security On .Gov More

Feds Tighten DNS Security On .Gov

Comments Filter:

  • Just what they want you to think (Score:4, Insightful)

    by Punko ( 784684 ) on Monday September 22, 2008 @09:14AM (#25102805)
    "you can be confident that every U.S. government Web page is being served up by the appropriate agency."

    The easiest way entrap a victim is to promote a feeling of security.

    Nothing says 'rob me blind' than 'trust us'.

  • Glad they fixed that (Score:2, Insightful)

    by Anonymous Coward on Monday September 22, 2008 @09:16AM (#25102837)
    Now I can be sure I'm giving the IRS my money and not some other scam artist. I mean, not some scam artist. (:

  • Now if only... (Score:3, Insightful)

    by InvisblePinkUnicorn ( 1126837 ) on Monday September 22, 2008 @09:29AM (#25103023)
    Now, if only we could be confident about exactly where our taxes are going...

  • SSL, anyone? (Score:3, Insightful)

    by SanityInAnarchy ( 655584 ) <ninja@slaphack.com> on Monday September 22, 2008 @09:36AM (#25103105) Journal

    What does DNSSEC buy me if I use https?

    And if irs.gov isn't supporting https, wouldn't that be the place to start, rather than DNSSEC?

  • HOORAY. This is a GOOD THING. (Score:4, Insightful)

    by dwheeler ( 321049 ) on Monday September 22, 2008 @09:54AM (#25103317) Homepage Journal
    This won't solve all the problems of the universe, but this is a GOOD THING. Securing DNS is absolutely critical to making the Internet a safer place. If I type in "irs.gov", I want to go to "irs.gov", not some spam site, and this helps me get there. DNSSEC can provide IP addresses with a strong guarantee that the IP addresses are actually correct. DNSSEC can even provide other keys, and make it possible to EASILY send secure emails without having to do a key exchange ahead-of-time. See, for example: http://www.dwheeler.com/essays/easy-email-sec.html [dwheeler.com]

  • Re:Banks? (Score:3, Insightful)

    by Chyeld ( 713439 ) <chyeld@gmaiBOYSENl.com minus berry> on Monday September 22, 2008 @11:10AM (#25104589)

    Why? Don't we have enough laws that attempt to legislate technology? Yes it's a desirable technology, but do we really need to be chained to it with a law that two decades from now will solely be an obstacle to implementing the next new desirable technology?

    Banks and other businesses will move to it once they see a good business case in doing so. Let that decide matters.

    Please understand, I'm not a laissez faire sort of fellow most of the time. But if you have the government start trying to decide how the core mechanics of the internet work, and I guareentee you whatever small benefit you gain from the initial decision will be drowned out by the stagnation that results later on.

  • Re:Just what they want you to think (Score:5, Insightful)

    by jonaskoelker ( 922170 ) <jonaskoelker@nospaM.yahoo.com> on Monday September 22, 2008 @02:03PM (#25107753)

    "you can be confident that every U.S. government Web page is being served up by the appropriate agency."

    The easiest way entrap a victim is to promote a feeling of security.

    I would venture a guess: any visitor to *.gov who doesn't know what a packet is (i.e. at least 95% of the public) will already feel secure. Also, since the difference between secure DNS and insecure DNS will be absolutely invisible to them (presumably), they won't feel any more or less secure now. Or they won't know what the difference between the green padlock and the yellow padlock is. At any mention of the secure DNS in the press, these 95% of visitors will have forgotten about it the next day [just as I might].

    Bottom line: no one who doesn't deal with computers either professionally or as a hobby will notice. Their feeling of security will be unaffected.

  • Re:Banks? (Score:3, Insightful)

    by AnyoneEB ( 574727 ) on Monday September 22, 2008 @03:58PM (#25109721) Homepage
    He is giving an example an attacker getting access to his debit card and the bank taking no liability for it. You are free to complain about him whining because you think he should be the one liable not the bank (that is a different, irrelevant argument), but the topic of discussion is that the bank customer is liable not the bank. This means the bank has no incentive to improve their security. In fact, better security probably costs more -- at least the cost of paying someone to figure out how to fix problems with their current procedures -- so they have a direct financial incentive to keep the security at the current status quo. Although, if the other banks improve, competition may force them to make changes.

Slashdot Top Deals

If God had not given us sticky tape, it would have been necessary to invent it.

Close