25-01-15

MORECOWBELL of the NSA is not spying per se, and why DNSSEC makes it worse

Source: https://gnunet.org/sites/default/files/mcb-en.pdf, which also discusses the different possibilities to protect the information in our DNS queries

okay the slides are from the NSA

okay the NSA is a spy organisation

okay they don't want you to see that it is the NSA and they have some secret servers in Europe and around the world

okay they give a stupid name to it instead of just DNS monitoring

but what they are doing is what every networker and researcher in the world is doing, like this example: http://www.caida.org/projects/ark/

* monitoring changes to the DNS to know where a server is located, who the owner is, and whether links between servers are changing (between the website and the mailserver, for example)

* the information on DNS servers is not encrypted, encryption is far away, and DNS information has always been seen as something public

* you can bypass that kind of monitoring by changing your IP address quite often or by going through a proxy without a DNS server (that is to say, one that has only an IP address), and servers can also become more secret by NOT having a domain name but just an IP address (even if that would be more difficult if you are using virtualisation)

this monitoring is less threatening than using it to find vulnerable DNS servers in order to inject or change DNS information, so that people who think that they are on LinkedIn, for example, are on 'their' copy of LinkedIn

and the article cited before states that DNSSEC not only has some big problems and vulnerabilities, but that in fact it makes it easier to transfer bulk data and bulk metadata, which is all that the NSA and other spy organisations are after.
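The change tracking described in the list above, as an added example (not from the cited paper or the NSA slides): two observations of a zone you operate are compared to see what moved, and which names share an address. The zone name, addresses and helper names are constructed for illustration.

```python
from collections import defaultdict
# Constructed sample data: two observations of the same (hypothetical) zone.
SNAPSHOT_OLD = """\
example.org.       3600 IN A   192.0.2.10
example.org.       3600 IN MX  10 mail.example.org.
example.org.       3600 IN NS  ns1.example.org.
mail.example.org.  3600 IN A   192.0.2.10
"""
SNAPSHOT_NEW = """\
example.org.       3600 IN A   198.51.100.7
example.org.       3600 IN MX  10 mail.example.org.
example.org.       3600 IN NS  ns1.example.net.
mail.example.org.  3600 IN A   192.0.2.10
"""
MEANING = {"A": "host moved", "MX": "mail routing changed", "NS": "delegation changed"}

def parse(text):
    """Turn 'name ttl IN type rdata' lines into {(name, type): {rdata, ...}}."""
    records = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue  # skip blank or malformed lines
        name, rtype, rdata = fields[0].lower(), fields[3].upper(), " ".join(fields[4:])
        records[(name, rtype)].add(rdata.lower())
    return dict(records)

def diff(old, new):
    """List (name, type, removed, added, meaning) for every record set that changed."""
    changes = []
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key, set()), new.get(key, set())
        if before != after:
            changes.append((key[0], key[1], sorted(before - after),
                            sorted(after - before), MEANING.get(key[1], "record changed")))
    return changes

def shared_hosts(records):
    """Group names by address: names on one IP are 'linked' (e.g. web and mail)."""
    by_ip = defaultdict(set)
    for (name, rtype), values in records.items():
        if rtype in ("A", "AAAA"):
            for ip in values:
                by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}

if __name__ == "__main__":
    old, new = parse(SNAPSHOT_OLD), parse(SNAPSHOT_NEW)
    print(*diff(old, new), shared_hosts(old), shared_hosts(new), sep="\n")
```

An unexpected A or NS change in your own zone is the signal worth alerting on, since it is what injected or altered DNS information looks like from the outside.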
