DNSSEC News: U.S. misses DNS security deadline

The federal government missed its first deadline for rolling out DNS security mechanisms on its .gov top-level domain. Federal officials now say they will cryptographically sign .gov by the end of February, one month behind their original schedule.

Federal agencies were required to deploy DNS Security Extensions (DNSSEC) on the .gov top-level domain by January 2009 and on all sub-domains by December 2009 under an Office of Management and Budget (OMB) mandate issued last year.

DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

DNSSEC is the only foolproof way to prevent cache poisoning attacks, where a hacker redirects traffic from a legitimate Web site to a fake one without the user knowing. These attacks are a result of a significant DNS flaw known as the Kaminsky Bug, which was discovered this summer.

The U.S. General Services Administration (GSA) said Monday that it will deploy DNSSEC on .gov by the end of February. Read more...