Comcast begins DNS security rollout
Comcast has begun migrating its customers to a new Internet security mechanism that will help protect them from being inadvertently routed to phony Web pages for pharming attacks, identity theft and other scams.
Comcast is the first major ISP in the United States to adopt the new mechanism, which is known as DNS Security Extensions (DNSSEC). DNSSEC is an emerging Internet standard that prevents hackers from hijacking Web traffic and redirecting it to bogus sites by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.
Comcast says all of its business and residential customers will have DNSSEC coverage by March 2011. "Starting on Monday, we will start migrating customers to the DNSSEC validating servers," says Jason Livingood, executive director of Internet Systems Engineering for Comcast. "We're doing it in a phased approach."