Security News
Cloudflare, known for free speech advocacy, rolled out a self-styled family-friendly variation of its DNS service to block adult content - and ended up denying access to LGBTQ websites and sex education resources. Cloudflare's initial filter configuration for adult content prevented users from visiting useful and crucial online resources including Stonewall, LGBT Foundation, Outright, Mermaids, Broken Rainbow, Transgender Law Center, Lambda Legal, and various sex education sites.
Compounding the issue is that certain operating systems and browsers use new encryption technologies - DNS over TLS and DNS over HTTPS - in the query response handshake with these unauthorized DNS services that make them harder to block. Today I'm going to talk about DNS over HTTPS misuse or abuse.
The DoH capability is designed to protect and augment the existing DNS infrastructure investment for service providers. Security and visibility - A10 provides secure application services to protect DNS infrastructure from multiple attack vectors; these are extended with the DoH capability.
Mozilla has said it plans to make a privacy technology called DNS-over-HTTPS the default setting for US users of Firefox within weeks. Although not a perfect shield against DNS snooping, DoH makes that a lot harder.
Mozilla has started rolling out encrypted DNS-over-HTTPS by default for its Firefox users in the United States. DoH provides increased security for Internet users: the DoH protocol ensures that DNS queries and DNS responses are sent and received over HTTP using TLS. Mozilla has been working on bringing DoH to Firefox since 2017, and tens of thousands were already using the protocol in September 2019, when it revealed plans to roll out DoH to Firefox users in the U.S., in fallback mode.
In theory DNS over HTTPS does not hide the "Fact" of the request transmission, "When" or "Length" of the request from a "Third party" eavesdropper, only the request "Contents". That is, whilst DNS over HTTPS might hide the request contents, it does not hide the request or the time it happened at, nor does it hide the traffic to the site the DNS request was for.
Starting today, Mozilla is activating the DNS-over-HTTPS security feature by default for all Firefox users in the U.S. by automatically changing their DNS server configuration in the settings. That means, from now onwards, Firefox will send all your DNS queries to the Cloudflare DNS servers instead of the default DNS servers set by your operating system, router, or network provider.
(IN)SECURE Magazine issue 65 released: (IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Offensive Security releases major update to its Penetration Testing with Kali Linux training course: The new course doubles the amount of content available to train students in the skills and mindset required to be a successful security professional and prepare for the Offensive Security Certified Professional certification.
A switch to an alternative DNS provider may deliver faster, more secure, or more reliable results. In my experience, both Cloudflare and Google DNS services often perform better than ISP-provided DNS services.
In anticipation of his keynote at HITB Security Conference 2020 in Amsterdam, we talked to internet pioneer Dr. Paul Vixie, Farsight Security Chairman and CEO. Dr. Vixie was inducted into the Internet Hall of Fame in 2014 for work related to DNS and anti-spam technologies. He is the author of open source internet software including BIND 8, and of many internet standards documents concerning DNS and DNSSEC. You've worked in the DNS field for more than three decades, how have things changed since the late 1980s?