Print
Comcast announced today that it has finished the rollout of Domain Name System Security Extensions (DNSSEC) across its network. While patting itself on the back, Comcast’s blog post went on to essentially admit that a major element of the enforcement plan in SOPA and PIPA is incompatible with DNSSEC. Comcast is the owner of NBC-Universal, and a vocal supporter of SOPA.
The way Comcast outed itself is a little roundabout. The nation’s biggest ISP feels confident enough in DNSSEC that it shut down its internal domain Domain Helper redirect service. Domain Helper would try to redirect users that typed in commonly misspelled addresses to the right website. The important thing here is that Comcast ended support for Domain helper because it says DNS redirects are not supported by DNSSEC. SOPA and PIPA would use DNS redirects to block offending websites. Oops.
According to Comcast itself, DNS redirects are indistinguishable from malicious attacks like DNS poisoning. SOPA supporters have been brushing off claims that SOPA-mandated DNS redirects would mean a less secure Internet, but it appears that when not on Capitol Hill, Comcast believes quite the opposite to be true.
Comments are closed on this article
Nailer669
January 11, 2012 at 6:57pm
The only way to prove to people they are wrong (when they won't listen) is to let them be stupid. While the world burns around them, point and laugh. Let it burn. We need a reset back to about 1700 anyway. People are too reliant on technology and can't think for themselves or do anythig themselves. I'm stocked up on ammo and have enough land to survive. Let them do it. While I like technology and gadgets as much as the next person, it makes me sick how many people are completely worthless because of technology.
Carlidan
January 11, 2012 at 10:49pm
Tell me how well you fair when you get "attacked" by the government. Remember what arsenal has. They have tanks, bigger guns, missles. bombers, helicopters, nukes, and really nice aircrafts. And if your living on water they have navy ships. Oh what did you have? Oh yeah ammo. Let's see who will win this one. Hmmm.... I'm guessing the "government" but who knows, maybe you'll get lucky. I'm rooting for you. Hell are you sure you can even take out a cartel? I think the probably kick your ass.
ONaE
January 11, 2012 at 8:45pm
I find it ironic how you decide to post this in a technology oriented website. While I understand where you're coming from (even if I have to warp my mind a little to get there) I don't think that's going to happen buddy. Keep the ammo though, we'll need it when another country finally gets the balls to start a war on US turf.
Nailer669
January 12, 2012 at 5:54am
I posted this on a technology oriented website for that very reason - entertainment. I'm just as bad as the next guy. I have 7 computers in the house, a streaming-media computer, 3 tablets, two netbooks, and an ancient Macbook. All but the streaming computer, the kid's computers, the wife's, and my computer are sitting in a pile unused.
Cregan89
January 11, 2012 at 5:05pm
I don't think this information is very accurate. I can't say for sure, I would have to do more research on the topic, but from my understanding, the type of DNS redirect that SOPA is proposing happens at the very top level of the DNS tree, the level at which a DNS name is digitally signed and encrypted according to DNSSEC specifications. Whereas DNS redirects for Comcast's Domain Helper were happening after that top-level DNS server which would break DNSSEC. So I think SOPA redirects should in theory still work with DNSSEC, although there is a lot discussion in the tech industry about other possible issues.
But from this description it's very obvious to see what the big issue with SOPA is. Creating the ability for DNS redirects at the very top-level DNS server is a major, MAJOR security concern! If these top-level redirects were somehow exploited, they could be used to redirect every single internet user, to a malicious website, with 100% effectiveness, and it would be very difficult for anybody to notice.
To give you an example of how damaging this could be, if I was given the ability to make top-level DNS redirects to any DNS name of my choosing, as a web developer, I could write a little JavaScript in probably less then 30 minutes that would act as a keylogger, and then forward you on to your banking website and record your password and send it back to me. And the scariest part is that I would have 100% accuracy with this hack. Every single user that goes to that banking website I've rigged would be screwed, and they would never notice.
dgrmouse
January 11, 2012 at 6:06pm
Find me even one single banking website that isn't SSL-encrypted, please. Your web browser would warn you at least twice that something wasn't right and would generally require you to explicitly continue in order to forfeit your valuable information.
That said, I'm offended by any attempt of the government to censor its citizens, and I have zero faith that our government is above corruption.
Neufeldt2002
January 11, 2012 at 7:08pm
What Cregan89 is talking about is that the redirect would happen before you even got to your banks web page. Therefore all they need then is the keylog info and they have your account.
Hey.That_Dude
January 11, 2012 at 10:14pm
Agreed. Secure Sockets Layer (SSL) is lower down the flag poll from DNS. Think of it this way with DNS control I could make your computer think I was your bank (not too difficult to make a fake certificate), or i could just say add a deep packet inspection step on your route. I could route you more times than your TTL would allow ensuring complete packet drops and time outs. With DNS control I could break the internet by getting the name and changing the IP addresses of some major domains and a few router centers... This is why we don't let HUMANS touch the DNS services, we made them automated because computers do it better then us (faster, better, more secure, etc.).
mhouston100
January 11, 2012 at 4:56pm
Like everyone else on this site I've been following the development of SOPA and PIPA and as outrageous and damaging it will be to the internet from a professional level, i.e sites like Reddit, Youtube etc - however, like all crazy government legislation relating to the internet, it will only spur on more (and faster) development for alternatives, and for my private Internet experience it will not affect me in the slightest.
And as always, it will only end up hurting the common people who pay for their services and buy the media. It certainly won't hurt pirates one little bit (what self respecting movie pirate uses Youtube?) just look back at how fast things progressed from Newsgroups -> FTPs and Mirc -> Http downloads --> Napster, Limewire, Kazaa --> Bittorrent --> Now things like TOR for an example, pirates will always be one step ahead...
Biceps
January 11, 2012 at 10:14pm
NEWSFLASH: the big 'content creators' who are sponsoring SOPA don't give a shit about piracy. They know they can't stop it. SOPA will be designed and used to destroy smaller content creators and to keep promising small websites (or news stories) from competing with the bigger names. This fight has nothing to do with piracy and everything to do with power and control and the ability to censor at will with no check or balance. It is also the reason that a law like this could never pass if both houses of our government weren't the most corrupt mother-fuckers on the planet.
mhouston100
January 12, 2012 at 1:35pm
By piracy I refer to all copyright infringment - i.e the main selling point of SOPA and PIPA. We all know the true reasons behind it but to say it has nothing to do with piracy is a bit rediculous.
chipmunkofdoom2
January 11, 2012 at 4:24pm
And therein lies the problem with politics and the world today.
Worst case scenario? Lawmakers support SOPA because they're paid to. Best case scenario? They actually make a half assed attempt to do some research and magically they only happen to find facts that are erroneous, like SOPA's DNS redirects are no biggie. Comcast, a HUGE corporation, seems to think otherwise.. they were so sure, in fact, that they did a huge network upgrade. But no, somehow there is no factual information or the lawmakers never seem to find it.
But hey, what do the politicians care? They get their money, they get whatever they want, and they keep their power. That's all that really matters to them, so unfortunately, that's all that really happens. In the words of the great Bender Rodriguez, "We're boned."
