None of the 100 largest e-commerce sites have fully implemented DNSSEC
Posted on 05 February 2013.
The biggest brands in e-commerce are overlooking a critical security technology that could reduce the risk of identify theft and credit card fraud.

An analysis of the 100 largest e-commerce companies in the United States conducted by the technical team at Secure64 reveals that:
  • None of the 100 largest e-commerce sites have fully implemented Domain Name System Security Extensions (DNSSEC)
  • None of these 100 largest e-commerce sites are showing evidence that they are in a trial deployment of DNSSEC.
DNSSEC is a set of security protocols that fix fundamental vulnerabilities in the DNS. With DNSSEC, internet users know for sure that their web and email communications reach the server that they intended, and are not hijacked by an attacker to steal personal or confidential information.

DNSSEC is also a basic mechanism to ensure that SSL and VPN are truly trustworthy. Without the enhanced security that DNSSEC provides, communications between applications and organizations via SSL and VPN may be susceptible to eavesdropping, tampering and other threats.

"Secure64 has conducted a series of analyses to measure progress in making DNS more secure, and this study of the e-commerce industry may be the most surprising and disturbing given how central DNS infrastructure is to the entire business model of leading e-commerce sites," said Joe Gersch , Chief Operating Officer at Secure64.

"Secure DNS infrastructure is of great importance to the other industries we have analyzed, but DNS security is even more critical to e-commerce sites because all of their transactions are dependent on that infrastructure. These companies should not waste any more time in addressing this urgent security issue. Their businesses depend on it," he added.





Spotlight

USBdriveby: Compromising computers with a $20 microcontroller

Posted on 19 December 2014.  |  Security researcher Samy Kamkar has devised a fast and easy way to compromise an unlocked computer and open a backdoor on it: a simple and cheap ($20) pre-programmed Teensy microcontroller.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Fri, Dec 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //