Plugging the giant security hole in the world wide web

Font Size

Print

Feedback

Email

Discuss

Related Articles

Web addresses to get more leewayYahoo board to discuss Microsoft offerFoundation behind Wikipedia hires a felon as COOMicrosoft, Google, Yahoo to settle gambling claims

: India has taken a lead in fixing the latest security hole that is threatening massive hacking and phishing attacks. It is among the first five countries worldwide and the first in Asia to have decided on adopting the new security extensions being pushed by the organisation overseeing website allocations globally, ICANN (Internet Corporation for Assigned Names and Numbers).

“We have decided to set up a testbed with few select Internet service providers, Internet registrars and banks in a few weeks. After that, we will roll it out for the entire .in registry,” confirms Rajesh Agarwal, additional CEO, National Internet Exchange of India (Nixi). Gov.in domain names will be the first to implement DNS SEC extensions. This will secure websites on .in—India’s top-level domain on the Internet. It has more than 4,50,000 registrations.

Almost a month after the warning of vulnerability in Internet’s heart, a large part of the online world remains at risk. Not only does the security hole permit hackers to force people to visit websites they didn’t want to, it also allows them to intercept email messages. The underlying flaw is in the domain name system (DNS), a network of millions of servers that translate words typed in web browsers into numerical codes that computers can understand.

Large tech companies have already built patches or software tweaks that make the design flaw harder to exploit, but these are only temporary fixes. DNS SEC, a set of security extensions for name servers, is widely seen as the only known complete fix.

“Patches that can be freely downloaded on the Internet are not insignificant. They are far better than not putting anything on your network. But if India goes for signing .in root files with a particular digital signature, then they can’t be hijacked,” says Steve Crocker, chairperson, ICANN security and stability advisory committee. Earlier this week, he met several Indian CIOs and ministry of IT officials and explained the Internet vulnerabilities discovered last week and security solutions at a workshop jointly conducted by Cert in and Nixi.