UA-9726592-1

Thursday, July 29, 2010

Times of India: ICANN to encrypt Internet URLs

LAS VEGAS: The internet has undergone a key upgrade that promises to stop cyber criminals from using fake websites. this will prevent phishing attacks that dupe people into downloading viruses or revealing personal data.

The agency in charge of managing internet addresses teamed with online security services firm VeriSign and the US department of commerce to give websites encrypted identification to prove they are legitimate.

"This is, by any measure, an historic development," ICANN chief executive Rod Beckstrom said while breaking the news at a premier Black Hat computer security conference in Las Vegas on Wednesday. "This security upgrade matters to everyone who uses a computer, and that means most of us."

The Domain Name System Security Extensions, referred to as DNSSEC, basically adds a secret, identifying code to each website address. The domain name system is where the world’s internet addresses are registered and plays a key role in enabling computers around the world to speak with one another online.

Applications commonly used on the internet can be tailored to essentially check the ID of a website to make certain it is what it claims to be, according to Dan Kaminsky, a hacker turned computer security specialist.

For example, web browser software such as Google or Bing could be adapted to tell whether a bank log-in page is authentic. "When a user receives an email from a bank they should know it came from a bank," Kaminsky said. "This is something we needed as engineers to make this a reality."

A frightening structural flaw in the foundation of the internet revealed by Kaminsky at Black Hat here two years earlier led to the "biggest structural" upgrade to web in decades, according to Beckstrom. Internet engineers have been toiling on DNSSEC for 18 years, but technical and political obstacles stalled progress.

It will take time for internet firms to take advantage of DNSSEC and for it to be applied to local domains in every country, according to Kaminsky.

A standard technique is to create a new web site that uses foreign character like the Russian Cyrillic characters that look identical to the English alphabet. The phishers then duplicate the home page of a target web site like a bank with the spoofed URL.

The phisher then sends out email on a distribution lsit asking people to re-authenticate their account passwords. Once a person logs into the bogus web site with their user name and password, the phishers quickly drain the bank account of the victim and disappear. 


Subscribe to the Rightardia feed: feeds.feedburner.com/blogspot/IGiu

Netcraft rank: 14896
http://toolbar.netcraft.com/site_report?url=http://rightardia.blogspot.com


No comments: