Tonight at 12:01 AM EDT Monday July 9th, the Internet is going to become inaccessible for nearly half a million people around the world because of malware called DNS Changer
. If your computer is infected with DNS Changer, it won't be able to get on the Internet anymore. Here's how to get rid of it and make sure the Internet still works for you. More »
When the FBI and Estonian authorities finally crushed the DNSChanger Trojan network in January
, they set up a temporary DNS exchange to maintain connectivity for the millions of infected users until they could wipe the bug from their systems. More »
For months, the US Government has issued court orders in order to seize and shutdown sites—even when the domain names are registered abroad. Now it has made its position on domains perfectly clear
: If it ends in .com, .net, .cc, .tv and .name, we can seize it. More »
On Valentine's Day, I may have an unexpected present: My websites might all go dark, and a decade's worth of data may vanish. My host's domain registration is set to expire tomorrow, and the man behind it has disappeared. (Update: He's back! See below.) More »
Score one for the Internet. One of SOPA's most controversial provisions—DNS blocking—will be removed, for now at least, according to one of the act's staunchest supporters, Representative Lamar Smith. More »
We’ve talked about OpenDNS quite a bit over the years, noting that these guys know what geeks like: free, fast DNS lookups that smooth out the Internet’s rough edges and shave seconds off of many web tasks. Now OpenDNS is offering DNSCrypt, a service that completely encrypts your DNS sessions, ensuring that evil ha><0rZ can't see where you're headed on the web. The service also prevents man-in-the-middle DNS attacks. The service also automatically enables OpenDNS on your machine, thereby killing multiple birds with one multi-megabyte OS extension.
What does it do? Basically DNSCrypt wraps your DNS conversation in an SSL wrapper. Considering most DNS sessions are plaintext, this a huge deal. They've even made the source code available for free here so that independent security experts can test their claims.
From the website:
In the same way the SSL turns HTTP web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn’t require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between our customers and our DNS servers in our data centers. We know that claims alone don’t work in the security world, however, so we’ve opened up the source to our DNSCrypt code base and it’s available on GitHub (ed: not yet posted).
DNSCrypt has the potential to be the most impactful advancement in Internet security since SSL, significantly improving every single Internet user’s online security and privacy.
The system has automatic failover to an unsecured state and can prevent folks from snooping on your DNS calls in a coffee shop or unsecured cyber cafe. Sadly, it’s not a full proxy so it won’t hide your browsing habits from local censors.
It’s available now for the Mac, and Linux/Windows versions are forthcoming.