A big upgrade for the Internet's infrastructure could mean a safer place to surf and read email.
During the Black Hat 2010 security conference held in Las Vegas, Internet Corporation for Assigned Names and Numbers (ICANN) chairman and chief executive Rod Beckstrom revealed a global authentication platform for domain owners to use in order to certify themselves as the owner of a particular web page or email.
Called Domain Name System Security Extensions (DNSSEC), this system should eliminate many popular "spoofer" attacks that use fake emails and web pages to lure Internet users to legitimate-looking malware.
"DNSSEC was designed to protect the Internet from certain attacks, such as DNS cache poisoning," reads the official DNSSEC website. "It is a set of extensions to DNS, which provide: a) origin authentication of DNS data, b) data integrity, and c) authenticated denial of existence."
"What DNSSEC allows is that each party online can say not only am I sending you a mail but I can put a stamp on it so you can see it's real," explained Dan Kaminsky, the hacker who broke the existing DNS system. "This isn't something we've had the ability to do on a wide scale."
However both ICANN and Kaminsky realize that the new system isn't a cure-all. "It will eventually allow Internet users to know with certainty that they have been directed to the website they intended," ICANN said in a press release. "[But] DNSSEC isn’t an antidote to all Internet security problems. It does not ensure confidentiality of data or protect against denial of service or many other attacks. The best way to protect yourself online is still to use common sense."
The new system has already been integrated into the .org and .uk DNS, however ICANN is hoping that the low cost of entry--and the resulting security stemming from DNSSEC--will bring about a huge rollout.
For more information, here are a few additional resources provided by ICANN: