Kaminsky On DNS Bugs a Year Later and DNSSEC
L3sPau1 writes "Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System. In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services."
I have never met a bigger group of shysters and con-artists than "security consultants" in all my life.
Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services
that says it all, right there. This isn't about securing your assets, this is about generating fear so an army of security consultants can sell you an entirely new class of products you don't need.
Has anyone noticed the recent increase in the number of shockingly boring topics on Slashdot?
Sadly, I'm willing to agree. DNSSEC may, in fact, be the cat's meow and and end-all-be-all to security, everywhere, but the way Kaminsky's advocating it seems disturbingly similar to some raving lunatic who finally, by a dumb stroke of luck, got one doomsday prediction right (in some way, shape, or form), and is now running around to anyone who'll listen, punctuating all his arguments with "Oh yeah? Well, I was right about DNS security! Remember? REMEMBER THAT, SONNY??!? I WAS RIGHT AND EVERYONE ELSE WAS WRONG SO LISTEN TO ME BECAUSE I KNOW MORE THAN YOU DO."
Considering you can't be bothered to read the information out there to even understand it, I think you'll find it very hard.
Its not actually hard if you use someone elses encryption libraries, but if you are too lazy to even lookup how it works, and its fairly clear you have no understanding of how it works, its probably safe to say you are going to consider it hard.
In reality, its not really a any worse than say adding SSL support to a web browser.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager