« January 2009 | Main | August 2009 »

February 2009

February 20, 2009

Kaminsky at Washington Blackhat: DNSSEC is needed

Dan Kaminsky spoke again at Blackhat/Washington about the dangers lurking in DNS, and this time he spent more time talking about DNSSEC.  He even mentioned our company, Secure64, because he feels that to make DNSSEC more widely deployed, we need to AUTOMATE, AUTOMATE, AUTOMATE.   We couldn't agree more!  A summary of his speech is in this article in Internet news .  For the time being, a complete copy of his presentation is at his doxpara.com web site.

It's well worth looking at Dan's slides because he goes into a lot of details and stories about not only how things can go wrong, but jut how wrong they can go.    And he calls a spade a spade.  About signing the root, about Trust Anchor Repositories, about the technical and political barriers to widespread adoption. 

But he posits that these are just temporary issues -- they are solvable.  DNSSEC can and must be widely deployed.  It's great to see Dan taking on more of an evangelist role!



Yup. 

Posted by Joe Gersch at 03:25 PM in Current Affairs, DNS / BIND / DNSSEC | | Comments (0) | TrackBack (0)

Technorati Tags: , , ,

|

February 18, 2009

Putting Wood Behind the Cyber-Security Arrow

Whether you agree or disagree with the recent legislation for stimulating the economy there are going to be some interesting outcomes.  As an example, the homeland security department is getting much more funding to address issues such as airport security technologies as well as CYBER-SECURITY.  This recent headline from HSWire (a homeland security journal) talks about the need to do more:
(click on the headline to see the whole article):

U.S. under growing cyber attacks

Published 18 February 2009

The number of cyber attacks on U.S. government computers and networks grow; there were 5,488 tracked incidents of unauthorized access to U.S. government computers and installations of hostile programs in 2008, compared to 3,928 such incidents in 2007, and 2,172 in 2006

Yesterday, Joe wrote about putting some wood behind the arrow.  This funding is certainly a good start.

Joe also mentioned that we had attended a number of national meetings regarding technologies and priorities for national cyber-security initiatives.  At these meetings we emphasized that complexity can be the enemy of security, and that today's operating systems are too large and too complex to even be capable of "security hardening".  Our belief is that genuinely secure operating systems need to be deployed in critical infrastructure.  Hardening will never be sufficient.   I was interviewed on this topic by the SANS Institute on this topic a couple of months ago.  To see the interview about fundamamentally secure operating systems, see this SANS article.

--all the best, Bill Worley

Posted by Bill Worley at 02:43 PM in Current Affairs, Operating Systems, Standards, Vulnerabilities | | Comments (0) | TrackBack (0)

|

February 16, 2009

Obama does Cyber-Security!

I find it remarkable that we now have a U.S. President who is technically savvy.

 He is blackberry-addicted, knows how to use email, recruits volunteers and mobilizes people using the web as a tool... and is actually AWARE that CYBER-SECURITY is an incredibly important issue.  Wow!

It was heartening last week to see an article on the front page of the Wall Street Journal mention the appointment of Melissa Hathaway as the cyber-security czar for the national security council.  That's the POPULAR PRESS talking about cyber-security.  The technical rags are writing about it as well, here's on in E-Week "In the Obama Era Routing has to Change, Too

Over the last couple of years there have been a lot of preliminary meetings on improving our nation's cyber-security infrastructure.  Bill Worley and/or I have attended meetings at Sandia, MIT, Johns Hopkins, let alone Blackhat & Defcon.  Those meetings set the stage; now is the time to put some wood behind the arrow.  Thank you Mr. President! 

But... will we throw away everything and start all over, as mentioned in this NY Times article?  Or will we make the existing net safer, as mentioned in the CircleID blog posting?

Mostly I see an evolutionary approach, but with a few disruptive technologies thrown in from time to time.  And because of this belief, I am very glad to see that these articles are emphasizing two of my favorite topics on shoring up the existing internet -- by solidifying DNS and BGP with DNSSEC and BGPSEC.   Sure there are lots of other security holes in the internet, but these two need attention quickly. 

Keep it up Mr. President.  Change we can believe in. 

Posted by Joe Gersch at 04:07 PM in Current Affairs, DNS / BIND / DNSSEC, Vulnerabilities | | Comments (0) | TrackBack (0)

Technorati Tags: , ,

|

Enter your email address:

Delivered by FeedBurner

About

Disclaimer

  • All views and opinions expressed on this blog belong to me, the author, and are not those of any current or past employers, investors, or anyone else.

Categories

Resources

Blogroll

Archives

Misc

  • Add to Technorati Favorites
Blog powered by TypePad