Feeds

Vixie warns: DNS Changer ‘blackouts’ inevitable

Father of BIND fears ISP crisis in July

Choosing a cloud hosting partner with confidence

Ridding the world of the DNS Changer is proving a long, slow process that won’t be accomplished by July 9, when the court orders granted to the FBI expire and infected users suffer their inevitable blackout.

That’s the bleak warning given by BIND father and ISC founder and chair Paul Vixie to the AusCERT security conference on the Gold Coast today, 17 May.

“Remediation, which has not worked, has taken many forms, which did not work,” Vixie drily noted.

The notorious “operation ghost click” is well-known and understood, having been analysed in the six months since arrest of the Estonians (Vladimir Tsatsin, Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev and Anton Ivanov) who hosted their ad-redirecting DNS on Rove Digital’s infrastructure.

Vixie said ISC’s ongoing research demonstrates that when the court order expires, there will still be in the vicinity of 300,000 DNS Changer-infected computers, in spite of the best efforts at remediation. Many users, Vixie said, are so untrusting and hostile that they resent being told they have a problem.

On the coming “dark day”, Vixie says, there’s a strong likelihood that ISPs will be swamped with help calls demanding to know what’s wrong. Had it been possible to do so, Vixie said, he would at least have contrived some way to “spread out the pain”, because “the way we’re doing it now, there will be no end to it.”

Although the DNS Changer incident emphasizes the importance of DNSSec, implementation is a slow process that depends on industry-wide cooperation.

He also took the opportunity to criticize the increasing willingness of governments to try and use misdirected DNS requests to enforce policies (such as porn-blocking or, in the case of Italy, blocking offshore gambling site).

“If it becomes popular [to use DNS] to block things that users want, they will move their DNS requests elsewhere.” The threat remains, however: SOPA-style legislation is still on the wish-list of entertainment lobbies, and will not leave the political agenda. ®

Beginner's guide to SSL certificates

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.