ReadWriteWeb

OpenDNS announced a technology preview today for Macs running their DNS services called DNSCrypt. Think of this as doing for the DNS protocol what HTTPS does for the Web protocols. Like its mainline service, it is freely available, and Windows and Linux versions are promised for next year. You can download the code here for the Mac OS. They will eventually post all of their code on GitHub for public scrutiny.

The Internet Systems Consortium (ISC) is reporting a major vulnerability in BIND 9, with an apparent exploit in the wild. According to the announcement, servers running BIND 9 and performing recursive queries should upgrade immediately.

The actual exploit for this vulnerability is not yet reported. ISC says that it will cause a resolver to cache an invalid record, then crash when responding to queries that request that record.

Our article earlier this week about the frequency of DNS exploits has already come back in the news, in the wake of shutting down one of the the longest running and most costly botnets in history by the FBI earlier this week. The network, called Esthost, supposedly claimed an estimated four to five million victims and fleeced them somewhere around $14 million. All of that was due to 100 rogue DNS servers that were used to redirect massive amounts of traffic from the infected computers. The operation, dubbed Ghost Click by the FBI, raided two data centers in New York and Chicago, along with arresting people in Tartu, Estonia.

If you ever needed ammunition for your management about getting better network-based defenses for your enterprise, a new study by F5 Networks should help you. Earlier this fall, the company asked 1000 IT managers from around the world about their existing security measures and the cost of various exploits that they have observed over the past year. Strikingly, 100% of them have observed DNS attacks and nearly as many have observed denial of service attacks, both of which are worrisome.

Our social Web is a busy, data-intensive place. Twitter sees 1 billion tweets in a week, Facebook now has 800 million users, and those are just the big players, neither of which was around eight years ago. The social Web is still relatively young, and growing.

Like the Web itself, baked into the heart of much of our social experience is the good, old fashioned hyperlink. The only difference is that the social Web requires shorter links, which simplifies them visually, but adds another technical layer between users and the content they're trying to access.

His vision was to internationalize the oversight body of the Internet naming system, to structure it less like a spider and more like a starfish. (A starfish, you see, can regrow lost limbs.) To some extent, the dashing security expert Rod Beckstrom has accomplished that as President and CEO of ICANN since mid-2009, most notably by removing the U.S. Dept. of Commerce from its direct oversight role over ICANN.

Come the end of his term next July, Beckstrom will leave the President and CEO role of ICANN, presumably to resume his career as a world-renowned security expert. But in the twilight period of his term he may have to fight at least two more significant battles, neither of which may conclude before his departure. First and foremost is ICANN's adoption of a controversial generic top-level domain (gTLD) plan for the domain name system - one which would give any applicant with $185,000 to spare (PDF available here) a new root domain of its own alongside .com, .net, and .org.

The Protect IP Act is a bill proposed by Sen. Patrick Leahy of Vermont as replacement for the failed Combating Online Infringement and Counterfeits Act (COICA). The bill was passed by committee today but blocked by Sen. Ron Wyden of Oregon. Wyden also blocked COICA.

Among the various proposals in the act is one that would use The Domain Name System (DNS) to block blacklisted websites. This element of the proposal has come under fire from several security researchers who have published a paper titled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill.

As this week's Amazon Web Services outage demonstrated, Website uptime is not something to be taken for granted.

Whether it's caused by a service provider going down, a DDoS attack or a sudden surge in traffic, having your Website go down can knock the wind out of your business. Most bigger organizations can recover from an outage, but for small and medium-sized businesses, even an hour of downtime can cost you in terms of revenue, not to mention customer patience and loyalty. For smaller operations, a major outage could spell the end of the business.

It's not our normal beat to cover so much breaking news on ReadWriteCloud, but U.S. Senator Joseph Lieberman has changed that with his attacks on Wikileaks and the threats he has made to the technology community.

We've seen a cascading series of events culminating tonight with Wikileaks losing its DNS. That means if you are in the United States, you can't access the Wikileaks website. According to EveryDNS.net:

With the news of Pirate Bay convictions upheld in Sweden, website seizures in the U.S., and now threats to "do something" about Wikileaks, it's no surprise that there are now calls for an alternative DNS, one outside the reach of governments and of ICANN.

The DNS, or Domain Name System, is one of the foundational elements of the Internet, responsible for translating the numbers in IP addresses to the more human-friendly names. And ICANN, the Internet Corporation for Assigned Names and Numbers, is a nonprofit organization tasked with managing both the IPv4 and IPv6 Internet Protocol address spaces, maintaining the registries of IP identifiers, and managing top-level domain names.