Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The point of DNScurve is not to bother attempting to create a cryptographic chain of custody for all DNS records (which is what DNSSEC does), at least not until after we've set it up so that a browser can make a request of a server that cannot be tampered with.

It is a vastly simpler, tactical solution to the DNS "security problem" (I'm a skeptic about the long term importance of this problem too).



So why would a kernel-level rootkit like TDSS start dropping the DNSChanger trojan on 600K to 1M machines?

Just another pay-per-install malware module?

Hard for AV to detect the settings are wrong?

http://www.eweek.com/c/a/Security/Researchers-Discover-Link-...


I can't see any connection between what a kernel-level rootkit does and how we should secure DNS. If you lose your kernel, you're done, full stop.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: