<?xml version="1.0" encoding="UTF-8" standalone="no"?><!-- generator="FeedCreator 1.7.2" --><rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" version="2.0">
    <channel>
        <atom:link href="http://www.oyyas.com/technews.rss" rel="self" type="application/rss+xml"/>
        <title>Oyya-Info TechNews</title>
        <description></description>
        <link>http://www.oyyas.com/technews.php</link>
        <lastBuildDate>Mon, 30 Mar 2026 00:05:06 +0100</lastBuildDate>
        <generator>FeedCreator 1.7.2</generator>
        <language>en-us</language><itunes:explicit>no</itunes:explicit><itunes:subtitle>technews</itunes:subtitle><item>
            <title>CNET Hacker Chart : Keeping up with the hackers</title>
            <link>http://www.oyyas.com/technews/cnet-hacker-chart-keeping-up-with-the-hackers</link>
            <description>&lt;p style="text-align: justify;"&gt;
The number of hacking events of late is making our heads spin at CNET. 
By our count, there have been more than 40 computer attacks, network 
intrusions, or data breaches in the last few months. And they seem to be
 a daily occurrence.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; In previous coverage we've noted that it seems to be open hacking season, written about some of the hackers and groups who are behind the attacks and speculated on their motives, so we thought we'd provide a chronological chart listing the attacks so we could all keep up on them. We plan to update the chart as time goes on. So please let us know if there are any additions or changes that should be made. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; To see the whole chart on one page &lt;a class="" href="https://spreadsheets.google.com/spreadsheet/ccc?key=0Apf9SIxJ8Cm_dGxuNUJjbmM5LU40bVdWaFBVcTZPN3c&amp;amp;hl=en_US&amp;amp;single=true&amp;amp;gid=0&amp;amp;range=A1%3AJ47&amp;amp;output=html"&gt;click here&lt;/a&gt;.&lt;/p&gt;</description>
            <pubDate>Wed, 22 Jun 2011 06:25:33 +0100</pubDate>
        </item>
        <item>
            <title>Phishers use HTML attachments to evade browser blacklists</title>
            <link>http://www.oyyas.com/technews/phishers-use-html-attachments-to-evade-browser-blacklists</link>
            <description>&lt;p style="text-align: justify;"&gt;
To get around phishing blacklists in browsers, scammers are luring 
people by using HTML attachments instead of URLs, a security firm is 
warning.&lt;/p&gt;&lt;p style="text-align: justify;"&gt;&lt;img class="yui-img" src="http://www.oyyas.com/resources/HTMLPhishing.png" style="width: 550px;"&gt;&lt;/p&gt;&lt;p style="text-align: justify;"&gt; Chrome and
&lt;a title="" class="" href="http://www.oyyas.com/search.php"&gt;Firefox&lt;/a&gt;
 are good at detecting phishing sites and warning Web surfers via a 
browser notice when they are about to visit a site that looks dangerous.
 So good, in fact, that scammers are resorting to a new tactic to lure 
victims into their traps via e-mails--attaching HTML files that are 
stored locally when they are opened, according to an &lt;a class="" href="http://labs.m86security.com/2011/03/phishing-scam-in-an-html-attachment/"&gt;M86 blog post&lt;/a&gt; yesterday. &lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 After the user fills in a form with the information the scammers want 
to steal and clicks "submit," the HTML form sends the data through a 
POST request to a PHP (Hypertext Preprocessor) script hosted on a 
legitimate Web server that has been compromised. (POST is used when a 
computer is sending data over the Internet to a Web server.) Because few
 PHP URLs are reported as abuse, this action does not trigger a warning 
from the browser, M86 said. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; "Months-old phishing campaigns 
remain undetected, so it seems this tactic is quite effective," the blog
 post says. "Logically, however, the browser should be able to detect a 
URL when the browser sends the POST request."&lt;/p&gt;&lt;p style="text-align: justify;"&gt; The phishing URLs 
alone without the HTML form are hard to verify because the PHP script 
runs in the server and no visible HTML is displayed after clicking the 
submit button, other than redirecting to a page belonging to the company
 the scammer was pretending to be, the post says.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; To protect 
against this, people should avoid opening HTML attachments if the e-mail
 seems suspicious and not provide any information in forms. Financial 
institutions do not send such attachments to customers. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; While 
many people will click on a link in an e-mail that looks like it comes 
from their bank, fewer are likely to open the HTML attachment. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; 
Mozilla representatives did not provide comment on the report today. 
Meanwhile, a Google spokesperson provided this comment: "Google has a 
number of defenses against phishing sites to help protect our users. For
 example, Gmail checks HTML attachments for phishing sites and displays a
 warning to users when one is detected. We always encourage users to be 
cautious when handling unexpected attachments and when providing 
personal information requested by email."&lt;/p&gt;</description>
            <pubDate>Tue, 22 Mar 2011 08:02:38 +0100</pubDate>
        </item>
        <item>
            <title>How to avoid disaster-related Internet scams</title>
            <link>http://www.oyyas.com/technews/how-to-avoid-disaster-related-internet-scams</link>
            <description>&lt;div style="text-align: justify;"&gt;In every disaster scammers see an opportunity, and the crisis in Japan 
is no exception. Already there have been fake Red Cross e-mails 
circulating and there will no doubt be more scams coming.&lt;/div&gt;&lt;p style="text-align: justify;"&gt; Those 
e-mails appear to come from the British Red Cross. They provide some 
news on the earthquake and tsunami in Japan and urge people to donate to
 a Yahoo e-mail address on a Moneybookers account, a money transfer 
service that enables recipients to remain anonymous, &lt;a class="" href="http://blogs.appriver.com/blog/digital-degenerate/tragedy-in-japan-sparks-scams"&gt;according to App River&lt;/a&gt;, an e-mail hosting and security services provider. &lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 However, real charities have e-mail addresses with their own domain and
 typically send people to their own Web site to make donations. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; 
E-mails seeking "donations" via random payment services are just one way
 scammers can exploit catastrophes. E-mails can also include links or 
attachments that lead to phishing or malware-hosting Web sites. And 
scammers can sneak Web sites hosting malware into Web searches based on 
popular search terms and even create new topical Web sites solely for 
the purpose of hosting malware.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; Here are tips for avoiding scams that piggyback on disasters and other high-profile events:&lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 • Do not follow unsolicited Web links or attachments in e-mail 
messages. Be particularly cautious about clicking on photos and videos 
that purport to show dramatic images or footage of disasters as they can
 be used as bait and lead to malware. &lt;/p&gt;&lt;div style="text-align: justify;"&gt; • Do not provide sensitive information, such as bank account information or Social Security number, in response to an e-mail. &lt;/div&gt;&lt;p style="text-align: justify;"&gt; • Keep your antivirus and other software up to date. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; • Verify the legitimacy of the e-mail by going directly to the charity's Web site or calling the group.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; • Find out details about the organization by searching on the &lt;a class="" href="http://www.bbb.org/us/charity/"&gt;Better Business Bureau's site&lt;/a&gt;, or &lt;a class="" href="http://www2.guidestar.org/"&gt;GuideStar&lt;/a&gt;. Attorneys general often have searchable databases of charitable groups in their states. (California's, for example, is &lt;a class="" href="http://oag.ca.gov/charities/charity-research-tool#Location:Default"&gt;here&lt;/a&gt;.) The U.S. Agency for International Development (&lt;a class="" href="http://www.usaid.gov/"&gt;USAID&lt;/a&gt;) also has valuable information about how best to help victims in international disasters. &lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 • Be wary of sites that resemble legitimate organizations or that have 
copycat names that are similar to reputable organizations. For instance,
 most legitimate charitable organizations will have a Web address that 
ends in ".org" instead of ".com." &lt;/p&gt;&lt;p style="text-align: justify;"&gt; • Be skeptical of people claiming to be survivors and asking for donations via e-mail or social networks. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; • Ask how much of the donation goes to charity and how much goes to administration.&lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 • Use credit cards or checks; do not send cash. Do not make checks 
payable to an individual. Only provide your credit card information once
 you feel certain that the organization is credible and do not use money
 payment services to make contributions. &lt;/p&gt;&lt;p style="text-align: justify;"&gt; • Do not feel pressured into giving donations. &lt;/p&gt;&lt;p style="text-align: justify;"&gt;
&lt;b&gt;Update 11:45 a.m. PT&lt;/b&gt;: &lt;a class="" href="http://sunbeltblog.blogspot.com/2011/03/spambots-promote-radiation-health.html"&gt;GFI Labs blog&lt;/a&gt;
 is reporting on Twitter spam with a link that leads to a brand new site
 purporting to sell an electronic book on how to "minimize your chances 
of [getting] radiation sickness." And &lt;a class="" href="http://nakedsecurity.sophos.com/2011/03/17/spammed-out-japanese-tsunami-video-links-lead-to-malware-attack/"&gt;Sophos reports&lt;/a&gt;
 on malware circulating that poses as links to videos about the Japanese
 tsunami, as well as dangerous links sent via Twitter notifications.&lt;/p&gt;&lt;div style="text-align: justify;"&gt;
&lt;/div&gt;&lt;p style="text-align: justify;"&gt;
&lt;b&gt;Update 2:42 p.m. PT&lt;/b&gt;: &lt;a class="" href="http://sunbeltblog.blogspot.com/2011/03/icrc-japan-donation-scam-mails.html"&gt;GFI Labs blog&lt;/a&gt; is reporting about e-mails coming from "ICRC Basedhelping Foundation" that are seeking disaster donations. Kaspersky also &lt;a class="" href="http://www.securelist.com/en/blog/6104/Japan_Quake_Spam_leads_to_Malware"&gt;is reporting&lt;/a&gt;
 about Japan quake-related e-mails with links in them that lead to pages
 with Java exploits designed to install malicious programs.&lt;/p&gt;&lt;div style="text-align: justify;"&gt;
&lt;/div&gt;&lt;p style="text-align: justify;"&gt;
&lt;b&gt;Update 4:42 p.m. PT&lt;/b&gt;: &lt;a class="" href="http://nakedsecurity.sophos.com/2011/03/12/japanese-tsunami-launches-whale-into-building-its-a-facebook-clickjack-scam/"&gt;Sophos reported&lt;/a&gt;
 over the weekend about a clickjacking attack in which Facebook users 
were tricked into liking a YouTube video link that purported to show 
video of a whale hitting a building during the tsunami in Japan.&lt;/p&gt;</description>
            <pubDate>Tue, 22 Mar 2011 07:51:39 +0100</pubDate>
        </item>
        <item>
            <title>Geinimi Android Trojan horse discovered</title>
            <link>http://www.oyyas.com/technews/geinimi-android-trojan-horse-discovered</link>
            <description>&lt;br&gt;&lt;div style="text-align: justify;"&gt;There has been something of a sting in the tail of the year for lovers of the Android mobile operating system, as researchers uncovered a new Trojan horse.&lt;br&gt;&lt;br&gt;The Troj/Geinimi-A malware (also known as "Gemini") has been seen incorporated into repackaged versions of various applications and games, and attempts to steal data, and may contact remote URLs.&lt;br&gt;&lt;br&gt;Although some media reports have portrayed Geinimi as the first ever malware for the Google Android operating system, this isn't correct. For instance, in the past banking malware has been found in the Android Market, security researchers have demonstrated spyware rootkits for Android devices, and users have been warned about Trojans from Russia which send SMS text messages to premium-rate numbers.&lt;br&gt;&lt;br&gt;In the case of the Geinimi malware, the good news is that it appears not to have made it into the official Android market app store - meaning that you would only have been putting yourself at risk if you installed poisoned software from an unauthorised source. Researchers at mobile security firm Lookout say they have only seen the software on unofficial Chinese app stores.&lt;br&gt;&lt;br&gt;And you have to deliberately change the settings on your Android smartphone to make it possible to install software from such "unknown sources".&lt;br&gt;&lt;br&gt;So, the sky is not falling - and it's not the end of the world as we know it if you love all things Android. But Android users should still be sensible about security.&lt;br&gt;&lt;br&gt;Android is a much more "open" operating system than the Apple iOS used on iPhones and iPads, and Android users don't have to jump through as many hoops to install applications that have not been made "officially" available.&lt;br&gt;&lt;br&gt;And, it shouldn't be forgotten that not all attacks are OS-specific. 
Phishing attacks, for instance, don't care what operating system you're running - they just rely on you not taking enough care about the link you are clicking on (something that's pretty easy to do when you have a small screensize to view a - perhaps - long url).&lt;br&gt;&lt;br&gt;And increasingly we are seeing examples of threats which only exist "within the browser" or spreading entirely inside a social network, never touching your smartphone's operating system.&lt;br&gt;&lt;br&gt;So there are dangers out there whatever kind of browsing device you are using. Desktop or laptop, mobile or tablet.&lt;br&gt;&lt;br&gt;Sophos products can detect samples of the Geinimi Trojan we have seen to date as &lt;a class="" title="" href="http://www.sophos.com/security/analyses/viruses-and-spyware/trojgeinimia.html"&gt;Troj/Geinimi-A&lt;/a&gt;.&lt;br&gt;&lt;/div&gt;</description>
            <pubDate>Sun, 02 Jan 2011 14:22:58 +0100</pubDate>
        </item>
        <item>
            <title>Searching for free stuff online can be costly</title>
            <link>http://www.oyyas.com/technews/searching-for-free-stuff-online-can-be-costly</link>
            <description>&lt;div style="text-align: justify;"&gt;&lt;div style="overflow: hidden; color: rgb(0, 0, 0); background-color: transparent; text-decoration: none; border: medium none;"&gt;&lt;div class="cnet-image-div image-LARGE2 
float-none" style="width: 550px;"&gt;&lt;img class="cnet-image  yui-img" src="http://i.i.com.com/cnwk.1d/i/tim//2010/09/13/McAfeeFreeContentReport_610x378.png" alt="This pie chart shows the different threats that can come from 
visiting Web sites that advertise unauthorized content. " width="550" height="341"&gt;
&lt;p class="image-caption"&gt;This pie chart shows the different threats that
 can come from visiting Web sites that advertise unauthorized content.&lt;span class="image-credit"&gt;&lt;br&gt;&lt;/span&gt;&lt;/p&gt;&lt;p class="image-caption"&gt;&lt;span class="image-credit"&gt;(Credit:
&lt;a class="" href="http://newsroom.mcafee.com/images/10039/DMMRReport_US_25Aug2010.pdf"&gt;
McAfee&lt;/a&gt;)&lt;/span&gt;&lt;/p&gt;
&lt;/div&gt;
&lt;p&gt;
It's common knowledge that you can catch computer viruses on porn Web 
sites. But did you know it's also risky to surf the Web searching for 
free movies or music?&lt;/p&gt;&lt;p&gt; A study from McAfee to be released on 
Tuesday finds that adding the word "free" when looking for entertainment
 content in search engines greatly increases the chances of landing on a
 site hosting malware. &lt;/p&gt;&lt;p&gt; For instance, searching for free music 
ringtones increases the chances of hitting a malicious site by 300 
percent, according to the report, "Digital Music &amp;amp; Movies Report: 
The True Cost of Free Entertainment." (&lt;a class="" href="http://newsroom.mcafee.com/images/10039/DMMRReport_US_25Aug2010.pdf"&gt;PDF&lt;/a&gt;)
 &lt;/p&gt;&lt;p&gt; Searching for "lyrics" for a particular artist is twice as 
risky on average as searching for "ringtones" for the same artist for 
the first five pages of results, the report found. &lt;/p&gt;&lt;p&gt; And including
 the term "MP3" increases the riskiness of music searches in general. 
There has been a 40 percent increase in the number of Web sites that are
 delivering infected MP3 files or that seem to be built for purposes of 
financial fraud or delivering malware, according to the report. &lt;/p&gt;&lt;p&gt; 
Meanwhile, McAfee found malware associated with a number of Web sites 
around the world advertising free downloads of sports games, movies, and
 TV shows. &lt;/p&gt;&lt;p&gt; Twelve percent of sites that distribute unauthorized 
content are distributing malware, and 7 percent of sites offering 
unauthorized content have associations with cybercrime organizations, 
the report concluded. &lt;/p&gt;&lt;p&gt; "The sites often look very professional 
and attempt to lure the user with the idea of a 'trial period' or even 
some nominal fee that is much less than what may ultimately be charged,"
 the report says. "Once the user agrees, they have to authorize their 
computer to access and interact with computers that are involved in a 
wide range of schemes--from money laundering to stealing credentials 
such as user names and passwords. In addition, with this access, your 
computer is profiled--with all of its software versions, user agents, 
and any other data--and this information can be provided to third 
parties for malicious purposes. (This is often called 
'fingerprinting.')"&lt;/p&gt;&lt;p&gt; To reduce the chances of landing on malicious
 sites, McAfee recommends avoiding the use of the word "free" in 
searches for entertainment content, avoiding clicking on links in banner
 ads on content sites that aren't well established, not clicking on 
links posted in forums and on fan pages, keeping security software up to
 date, and using safe search plug-ins like McAfee Site Advisor that 
warn of potentially risky sites.&lt;/p&gt;&lt;/div&gt;&lt;/div&gt;</description>
            <pubDate>Thu, 16 Sep 2010 06:57:43 +0100</pubDate>
        </item>
        <item>
            <title>How secure is your e-mail password?</title>
            <link>http://www.oyyas.com/technews/how-secure-is-your-e-mail-password-</link>
            <description>&lt;div style="text-align: justify;"&gt;Access to an e-mail account opens up access to all sorts of other information that could be used to steal someone's identity and drain bank accounts, open up credit cards, and even take out loans in their name.&lt;br&gt;&lt;br&gt;It's not just personal information at stake in e-mail accounts. Use of weak password-reset security questions is believed to have allowed someone to access the Yahoo e-mail account of a Twitter employee last year and then use that to access the person's Google Docs account where there was sensitive corporate information.&lt;br&gt;&lt;br&gt;In agreeing to the project, Thompson (adjunct professor of software security at Columbia University and founder of consultancy People Security) had already done some homework and had a list of specific security questions that the major Web-based e-mail providers use. The questions include a mix of preference questions, like what is your favorite book, musician, town, and restaurant. Easy questions as they may seem on the surface, they are subject to change as people's tastes change. For instance, you are likely to have a different favorite movie every couple of months or at least likely to forget what your original answer was. These aren't always easy for a stalker to find either, unless the target happens to be a blogger who shares a lot of personal information. 
It's the same for the category I'll call "firsts," such as what was your first pet's name, teacher's name or job.&lt;br&gt;&lt;br&gt;Then there are the fact-based questions that are easier to find from public databases, such as the hospital you were born at, the street you grew up on or the town, your first phone number, high school you attended, last four digits of your Social Security number, mother's birthplace and grandfather's occupation.&lt;br&gt;&lt;br&gt;Finally, there are the questions that people don't usually remember or tend to have handy so they are less likely to choose them. These include what is your primary frequent flier number or library card number.&lt;br&gt;&lt;br&gt;Armed with a list of common questions from Gmail, Yahoo, Live Mail and AOL, Thompson knew what information to look for. Using a Web-based conferencing system, I was able to watch his screen as he traversed the Internet. His first stop was Google where he typed in my first and last name. (All Thompson knew about me at the onset was my first and last name and that I work at CNET.)&lt;br&gt;&lt;br&gt;Thompson went straight to my LinkedIn profile where he learned where I went to college and details of my past work experience. He then searched for me on a people search engine called Pipl.com and came across references for city, state, age, middle name, address and phone numbers. He found additional addresses on 123people.com.&lt;br&gt;&lt;br&gt;On Intelius.com, another site that offers some basic information for free but charges for additional data, he came across other people with the same last name who were supposedly associated with me and their ages. (Most but not all of the information uncovered in this experiment was accurate.) By comparing information on the various sites and cross checking purported relatives and addresses, Thompson was able to guess which state I grew up in and what cities I have lived in.&lt;br&gt;&lt;br&gt;Then Thompson called in the big guns--Ancestry.com. 
The site, which is designed for people creating family trees and doing genealogy research, pulls data from a host of public databases and provides more information than the free searches on the other sites but charges a subscription, of course. There is also a 14-day trial offer.&lt;br&gt;&lt;br&gt;On Ancestry.com he had to guess at the birth year after learning my age on a different site but not knowing the exact date and took an educated guess at the city of residence too. Voila! Up came a birth date, a bunch of previous addresses, and even at least one phone number.&lt;br&gt;&lt;br&gt;Someone could easily take the address information to figure out answers to some of the preferential security questions by using Google Street View to zoom in on bars, restaurants, and other hangouts in the immediate vicinity, said Thompson, who also is chair of the RSA Conference. "The longer you lived at an address, the more interesting those searches are," he said.&lt;br&gt;&lt;br&gt;Then he used Ancestry.com to search on one of the names linked to me and that he suspected was my mother because of the associated ages. "Your mother is the most interesting relative for us to look up because her name typically tells us what your maiden name is, but it also is a gateway to find out who her parents were," Thompson said. "If we know their names then we know what your mother's maiden name was."&lt;br&gt;&lt;br&gt;A common address between mother and subject also indicates the childhood home address. "That's valuable for password reset questions that ask what street you grew up on," he said. "Then you can search the addresses for the schools that are nearby and then go on Classmates.com and bring up teachers by year at that school."&lt;br&gt;&lt;br&gt;Thompson then went back to Google to see if I had a resume online, but that proved to be a dead end. Resumes have a wealth of personal information, including e-mail addresses, phone numbers, addresses and college. 
Outdated resumes are even more valuable, according to Thompson.&lt;br&gt;&lt;br&gt;&lt;b&gt;Following the e-mail trail&lt;/b&gt;&lt;br&gt;Satisfied with the amount of biographical information he had accumulated on me, Thompson then decided to see what e-mail addresses he could find. Since e-mail services allow you to reset your password by sending a message to your alternate e-mail address, getting the earliest e-mail address for someone is key because that is the one most likely to offer up security questions. If it's a school e-mail address, that is even better because those security questions are likely to be the least secure, he said. The idea is to follow the trail of e-mail addresses as far back as possible. Corporate e-mail addresses, meanwhile, aren't much help because they typically reset passwords internally through the corporate IT department.&lt;br&gt;&lt;br&gt;Since I was in school before e-mail was popular (now you know I'm no spring chicken!) there was no school e-mail address for me. If there had been one, Thompson said he would have searched for the school on Classmates.com and checked for the domain there and guessed what my e-mail address would have been. He also could have looked for public records associated with possible student loans to get an e-mail address that way, he said.&lt;br&gt;&lt;br&gt;Thompson guessed that I would have a Gmail address and that as an early adopter it would follow a particular, simple format. But when he tried to reset the password, the system offered to have password reset information sent to my alternate e-mail address or phone number. Gmail provided enough of the other e-mail address to figure it out and a few letters of the cell phone that could be compared against phone numbers uncovered on the people search sites. 
He then would have had to hack my cell phone or otherwise get physical access to it in order to get to the text message and choose the password he wants in order to hijack my account.&lt;br&gt;&lt;br&gt;Thompson and I ran out of time, but I went ahead and finished the process and tried to reset the password on my alternate e-mail account. I struck gold--from an attacker's point of view--in that it did ask security questions instead of referring me on to yet another e-mail address. But two of the three questions it asked (which I must have created) were unlikely to appear in any public databases and were not based on preferences. I'd share them with you, but then I'd have to kill you. (Just kidding. See below for some suggestions.)&lt;br&gt;&lt;br&gt;The third security question asked was (yikes!) my mother's maiden name, which Thompson had not yet uncovered but would have eventually if we had had more time.&lt;br&gt;&lt;br&gt;I compared the accurate information uncovered by Thompson with the list of about 30 or so security questions that the e-mail providers offer as default questions and found that about eight of them would have easily been answered and another four probably could have been.&lt;br&gt;&lt;br&gt;&lt;b&gt;Phew! Safe enough--for now&lt;/b&gt;&lt;br&gt;Because of the time constraint and the fact that I write about computer security issues and am thus more likely to be more security-conscious, Thompson did not hijack my e-mail account. But the experiment was fascinating, nonetheless. It showed how easily a stranger can dig up all sorts of information on someone. And it showed just how easy to guess many of the password-reset security questions are.&lt;br&gt;&lt;br&gt;Thompson recommends that people conduct this experiment on their own identity to see what the results are and how secure their e-mail accounts are. And I would suggest the same. 
Then, either choose the safest default questions or, better yet, create your own, if that is an option.&lt;br&gt;&lt;br&gt;When selecting a question option, think of an event in your life or a fond memory that is not going to be found on a public document and which you won't likely forget. Choose something that you haven't exposed to the public in a blog, Facebook posting or other online site. And think about specifics related to that memory, like a person, place or thing. Avoid referencing anything that can change over time such as a preference or feeling. Then set the question based on that.&lt;br&gt;&lt;br&gt;When I realized the amount of information Thompson had amassed on me in a relatively short period of time, I was shocked and a little nervous. It's fine for someone I trust to be trawling the Internet for details of my personal life, but if he could do this so could someone else.&lt;br&gt;&lt;/div&gt;</description>
            <pubDate>Thu, 16 Sep 2010 06:47:03 +0100</pubDate>
        </item>
        <item>
            <title>Be cautious of Internet access at airports</title>
            <link>http://www.oyyas.com/technews/be-cautious-of-internet-access-at-airports</link>
            <description>&lt;P align=justify&gt;Accessing the Internet via an open Wi-Fi network is risky because you have no idea who is the hot spot provider or who is connected to it. At the airport it may seem more secure to use a terminal to check your e-mail or update your Facebook status; however, according to Symantec, these terminals might not be secure at all.&lt;/P&gt; 
&lt;P align=justify&gt;In a recent &lt;A href="http://www.symantec.com/connect/blogs/scareware-haunts-airport-internet-terminals"&gt;article on the company's Web site&lt;/A&gt;, Nick Johnston, senior software engineer of &lt;A href="http://www.symantec.com/business/messagelabs-hosted-email-continuity"&gt;Symantec Hosted Services&lt;/A&gt;, wrote that at one Internet terminal at a large airport in England, he saw an unusual "Defense Center Installer" dialog box that turned out to be a fake antivirus software, also known as "scareware." &lt;/P&gt; 
&lt;P align=justify&gt;Scareware is a type of malware that claims a computer is infected with viruses and tries to coerce the user into buying the full version of the software to clean the fictitious infection. It's common for this type of malware to try to disable or uninstall legitimate antivirus software, causing Windows Security Center to warn that no antivirus software is installed. As this type of software is not really a virus, it's hard for legitimate antivirus software to detect and remove it. &lt;/P&gt; 
&lt;P align=justify&gt;The fact that the Internet terminal has this type of malware indicates that it is not protected and might be infected with other hidden, more dangerous malware such as a keylogger. Unlike "scareware," which makes its presence known, there is no obvious indicator that a keylogger is active while it silently captures users' input. This means that usernames and passwords for airline accounts, bank accounts, Web mail, social media accounts, or any other private accounts accessed on the terminal can be stolen. &lt;/P&gt; 
&lt;P align=justify&gt;For this reason, you should exercise extreme caution whenever you are using publicly available Internet access terminals and avoid doing anything that requires you to sign on to personal or corporate accounts. The best practice is to only enter your private and important information, such as bank account, Social Security number, and so on, on computers and networks that you know. If you share computers with other people, remember to change your passwords regularly. &lt;/P&gt; 
&lt;P align=justify&gt;A few minutes of negligence might result in costly consequences that could take a long time to fix.&lt;/P&gt;</description>
            <pubDate>Thu, 26 Aug 2010 11:25:35 +0100</pubDate>
        </item>
        <item>
            <title>Stuxnet Malware could hijack power plants, refineries</title>
            <link>http://www.oyyas.com/technews/stuxnet-malware-could-hijack-power-plants-refineries</link>
            <description>&lt;div style="text-align: justify;"&gt;A worm that targets critical infrastructure companies doesn't just steal data, it leaves a back door that could be used to remotely and secretly control plant operations, a Symantec researcher said on Thursday.&lt;br&gt;&lt;br&gt;The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O'Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how many companies may have been infected or to identify any of them.&lt;br&gt;&lt;br&gt;"This is quite a serious development in the threat landscape," he said. "It's essentially giving an attacker control of the physical system in an industrial control environment."&lt;br&gt;&lt;br&gt;The malware, which made headlines in July, is written to steal code and design projects from databases inside systems found to be running Siemens Simatic WinCC software used to control systems such as industrial manufacturing and utilities. The Stuxnet software also &lt;a title="" href="http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices"&gt;has been found&lt;/a&gt; to upload its own encrypted code to the Programmable Logic Controllers (PLCs) that control the automation of industrial processes and which are accessed by Windows PCs. 
It's unclear at this point what the code does, O'Murchu said.&lt;br&gt;&lt;br&gt;An attacker could use the back door to remotely do any number of things on the computer, like download files, execute processes, and delete files, but an attacker could also conceivably interfere with critical operations of a plant to do things like close valves and shut off output systems, according to O'Murchu.&lt;br&gt;&lt;br&gt;"For example, at an energy production plant, the attacker would be able to download the plans for how the physical machinery in the plant is operated and analyze them to see how they want to change how the plant operates, and then they could inject their own code into the machinery to change how it works," he said.&lt;br&gt;&lt;br&gt;The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files ending in ".lnk." It infects machines via USB drives but can also be embedded in a Web site, remote network share, or Microsoft Word document, Microsoft said.&lt;br&gt;&lt;br&gt;Microsoft issued an emergency patch for the Windows Shortcut hole last week, but just installing the patch is not enough to protect systems running the Siemens program because the malware is capable of hiding code in the system that could allow a remote attacker to interfere with plant operations without anyone at the company knowing, according to O'Murchu.&lt;br&gt;&lt;br&gt;"There may be additional functionality introduced into how a pipeline or energy plant works that the company may or may not be aware of," he said. "So, they need to go back and audit their code to make sure the plant is working the way they had intended, which is not a simple task."&lt;br&gt;&lt;br&gt;Symantec researchers know what the malware is capable of but not what it does exactly because they are not done analyzing the code. 
For instance, "we know it checks the data and depending on the date it will take different actions, but we don't know what the actions are yet," O'Murchu said.&lt;br&gt;&lt;br&gt;This new information about the threat prompted Joe Weiss, an expert in industrial control security, to send an e-mail on Wednesday to dozens of members of Congress and U.S. government officials asking them to give the Federal Energy Regulatory Commission (FERC) emergency powers to require that utilities and others involved in providing critical infrastructure take extra precautions to secure their systems. The emergency action is needed because PLCs are outside the normal scope of the North American Electric Reliability Corp.'s Critical Infrastructure Protection standards, he said.&lt;br&gt;&lt;br&gt;"The Grid Security Act provides emergency powers to FERC in emergency situations. We have one now," he wrote. "This is essentially a weaponized hardware Trojan" affecting PLCs used inside power plants, off-shore oil rigs (including Deepwater Horizon), the U.S. Navy's facilities on ships and in shore and centrifuges in Iran, he wrote.&lt;br&gt;&lt;br&gt;"We don't know what a control system cyberattack would look like, but this could be it," he said in an interview.&lt;br&gt;&lt;br&gt;The situation indicates a problem not just with one worm, but major security issues across the industry, he added. People fail to realize you can't just apply security solutions used in the information technology world to protect data to the industrial control world, he said. For example, Department of Energy intrusion detection testing didn't and would not have found this particular threat and anti-virus didn't and wouldn't protect against it, Weiss said.&lt;br&gt;&lt;br&gt;"Antivirus provides a false sense of security because they buried this stuff in the firmware," he said.&lt;br&gt;&lt;br&gt;Last week, a Department of Energy report concluded that the U.S. 
is leaving its energy infrastructure open to cyberattacks by not performing basic security measures, such as regular patching and secure coding practices. Researchers worry about security problems in smart meters being deployed in homes around the world, while problems with the electrical grid in general have been discussed for decades. One researcher at the Defcon hacker conference in late July described security problems in the industry as a "ticking time bomb."&lt;br&gt;&lt;br&gt;Asked to comment on Weiss' action, O'Murchu said it was a good move. "I do think this is a very serious threat," he said. "I don't think the appropriate people have realized yet the seriousness of the threat."&lt;br&gt;&lt;br&gt;Symantec has been getting information about computers infected by the worm, which appears to date back &lt;a class="" title="" href="http://www.symantec.com/connect/blogs/stuxnet-introduces-first-known-rootkit-scada-devices"&gt;at least to June 2009&lt;/a&gt;, by observing connections the victim computers have made to the Stuxnet command-and-control server.&lt;br&gt;&lt;br&gt;"We're trying to contact infected companies and inform them and working with authorities," O'Murchu said. "We're not able to tell remotely if (any foreign attack) code was injected or not. We can just tell that a certain company was infected and certain computers within that company had the Siemens software installed."&lt;br&gt;&lt;br&gt;O'Murchu speculated that a large company interested in industrial espionage or someone working on behalf of a nation-state could be behind the attack because of its complexity, including the high cost of acquiring a zero-day exploit for an unpatched Windows hole, the programming skills and knowledge of industrial control systems that would be necessary and the fact that the attacker tricks victim computers into accepting the malware by using counterfeit digital signatures.&lt;br&gt;&lt;br&gt;"There is a lot of code in the threat. 
It's a large project," he said. "Who would be motivated to create a threat like this? You can draw your own conclusions based on the countries targeted. There is no evidence to indicate who exactly could be behind it."&lt;br&gt;&lt;br&gt;&lt;/div&gt;</description>
            <pubDate>Tue, 17 Aug 2010 08:44:35 +0100</pubDate>
        </item>
        <item>
            <title>VeriSign adds malware scanning to SSL services</title>
            <link>http://www.oyyas.com/technews/verisign-adds-malware-scanning-to-ssl-services</link>
            <description>&lt;p style="text-align: justify;"&gt; VeriSign is adding malware scanning to its authentication services 
for Web site operators, the company announced on Monday.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; The 
"VeriSign Trusted" check mark seal indicates to Web surfers that 
VeriSign has verified that the site represents the organization or 
company that it purports to be and that it is using encryption to 
protect communications between the site and its visitors. Now, existing 
and new VeriSign SSL customers will have their sites scanned daily to 
check for malware as well, at no extra cost, said Tim Callan, vice 
president of product marketing at VeriSign.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; The company also is 
adding its seals to Web search results on shopping search engines 
Pricegrabber and TheFind, as well as on Google and Bing for people using
 &lt;a href="http://download.cnet.com/AVG-LinkScanner/3000-2144_4-10610872.html"&gt;AVG's
 LinkScanner&lt;/a&gt; software. "We are aggressively pursuing deals with 
other search engines," Callan said.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; If VeriSign discovers malware
 on a customer Web site, it will remove the seal and notify the site 
administrator via e-mail. Site administrators can see a report detailing
 what code was found and where via a VeriSign management console. When 
the malware is removed, VeriSign will scan the site to verify that and 
then replace the seal.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; The increase in drive-by-downloads in 
which Web surfers are infected with malware just by visiting a site 
prompted VeriSign to add this additional level of security for its 
customers, he said.&lt;/p&gt;&lt;p style="text-align: justify;"&gt; "Our seal and our service is widely 
understood to be the most recognized, most prominent indicator of a safe
 Web experience," Callan said. "In order for our seal to still mean what
 people think it means we needed to offer this service moving forward."&lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 The service enhancement is also a way for VeriSign to differentiate its
 SSL certificate services from the dozens of other companies offering 
similar services. "We view ourselves as the Mercedes Benz of this 
category," Callan said. "We are making sure we are best of breed."&lt;/p&gt;&lt;p style="text-align: justify;"&gt;
 The malware scanning will be rolled out in stages to all VeriSign 
branded SSL certificate customers worldwide between now and the end of 
the year, he said.&lt;/p&gt;&lt;p style="text-align: justify;"&gt;
&lt;/p&gt;&lt;div class="cnet-image-div image-LARGE2 float-none" style="width: 550px; text-align: justify;"&gt;
&lt;img class="cnet-image " src="http://i.i.com.com/cnwk.1d/i/tim//2010/07/19/VeriSignAVG_610x257.png" alt="" width="550" height="232"&gt;
&lt;p class="image-caption"&gt;Users of AVG LinkScanner will now see results 
on Google and Bing with the VeriSign SSL seal.&lt;/p&gt;
&lt;span class="image-credit"&gt;(Credit:
VeriSign/AVG)&lt;/span&gt;
&lt;/div&gt;</description>
            <pubDate>Fri, 23 Jul 2010 06:53:52 +0100</pubDate>
        </item>
        <item>
            <title>DNSSEC protocol to plant security at Net's roots</title>
            <link>http://www.oyyas.com/technews/dnssec-protocol-to-plant-security-at-net-s-roots</link>
            <description>&lt;div style="text-align: justify;"&gt;The secure domain name server (DNS) protocol DNSSEC guarantees the authenticity of the mechanism that converts human-friendly internet addresses to the Internet Protocol numeric address system. DNSSEC — short for Domain Name System Security Extensions — uses digital signatures to assure name servers that the DNS data they receive has not been intercepted or tampered with. &lt;br&gt;&lt;br&gt;The organisation responsible for managing the assignment of IP addresses and domain names, Icann, on Thursday &lt;a class="" title="" href="http://www.dnssec.net/"&gt;published the root zone trust anchor&lt;/a&gt;. This allows the operators of internet root servers to begin to issue certificates to verify who they are to other root operators. The publication marks the completion of the signing of the root zone, meaning that all root operators are now involved in the exchange of valid certificates.&lt;br&gt;&lt;br&gt;"Today marks one of the most significant moments in the history of the internet. Yet, for most people, it will go by entirely unnoticed," said Roy Arends, head of research at UK internet registry Nominet, in a statement. "This technology change is an enabler for new technologies to be built and deployed to further enhance the security of the Domain Name System and ultimately ensure the internet remains a safer and trusted place for all."&lt;br&gt;&lt;br&gt;The aim of the DNS security extensions is to hinder cybercriminals who use DNS cache poisoning to redirect internet users from legitimate websites to fraudulent equivalents. DNS cache poisoning involves replacing the numeric addresses of legitimate websites in domain name servers with the addresses of malicious sites.&lt;br&gt;&lt;br&gt;DNSSEC was rolled out over all 13 internet root servers in May as a test bed, but the publication of the root zone trust anchor allows the system to start operating harmoniously. 
Ripe NCC, which is one of the five regional internet registries, said that the extensions can now start to be fully deployed across the internet.&lt;br&gt;&lt;br&gt;"The power of DNSSEC is that the whole namespace can now be signed hierarchically. It's another piece in the puzzle, as verification can now be fully automated," Ripe chief scientist Daniel Karrenberg told ZDNet UK. "DNSSEC has become mainstream and easily deployable. This ramping up is really significant."&lt;br&gt;&lt;br&gt;Karrenberg said that from Thursday, each top-level domain (TLD) nameserver will no longer have to be configured to recognise trusted key material, reducing the administrative burden on top-level domains. More top-level domains will be DNSSEC signed, said Karrenberg, who expected that owners of banking domains will also start to use DNSSEC more.&lt;br&gt;&lt;br&gt;In addition, the operation of DNSSEC in the root zone should encourage ISPs and the IT departments of large organisations to adopt it, according to Karrenberg.&lt;br&gt;&lt;br&gt;"I would think that organisations and websites concerned about trust would be early adopters," said Karrenberg.&lt;br&gt;&lt;br&gt;Ripe has been involved in the development of DNSSEC, a process that has been going on for decades. Karrenberg said that Ripe NCC and European ISPs had to push Icann to adopt DNSSEC.&lt;br&gt;&lt;br&gt;"Ripe NCC and European ISPs have driven this [development process] for more than a decade, and we have been pressing Icann to sign the root," said Karrenberg. "Icann wants to enhance DNS, but they are necessarily a conservative bunch. 
DNS is such a key component of the internet they don't want to break it — Icann is naturally reticent."&lt;br&gt;&lt;br&gt;Security company Symantec said that internet security will get better through DNSSEC use, but that improvements to security will not be rapid.&lt;br&gt;&lt;br&gt;"DNSSEC is a step forwards, but we're really at the very early stages," said Orla Cox, security operations manager for Symantec Security Response. "This is one step down a long road."&lt;br&gt;&lt;br&gt;Cox believes that criminals will try to circumvent the DNSSEC signing procedure and that spoofing certificates may still be possible.&lt;br&gt;&lt;/div&gt;</description>
            <pubDate>Fri, 16 Jul 2010 06:42:03 +0100</pubDate>
        </item>
    </channel>
</rss>