U.S. Misses DNS Security Deadline
Carolyn Duffy Marsan writes on NetworkWorld:
The federal government missed its first deadline for rolling out DNS security mechanisms on its .gov top-level domain.More here.
Federal officials now say they will cryptographically sign .gov by the end of February, one month behind their original schedule.
Federal agencies were required to deploy DNS Security Extensions (DNSSEC) on the .gov top-level domain by January 2009 and on all sub-domains by December 2009 under an Office of Management and Budget (OMB) mandate issued last year.
DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.