Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23, 000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22, 920 co.
Actually, DNSSEC is essentially signing of records to prevent spoofing of them because DNS is a non-secure protocol, that is, it actually travels over UDP, which is one of the topics this week. We're going to talk about ICMP and UDP as the first two of the Internet protocols that we discover. And DNS is carried by UDP, which unlike HTTPS, which we also often talk about can be protected by SSL, also known as TLS security, there is no similar security for DNS. So it's very possible for bad guys to perform man-in-the-middle attacks on DNS, altering the DNS records as they're going out or back and forth to a client that's making a query. So DNSSEC is a means of adding that missing security to DNS. So it's different from the NAPTR records. And the good news is it has been around for a long time. And this stuff is just slow to get adopted. When you look at when these various standards are created, it's just inertia on the Internet. Well, I mean, and another example of that is IPv4 versus IPv6.