Company News: Page (1) of 1 - 12/06/11 Email this story to a friend. email article Print this page (Article printing at page facebook

OpenDNS Previews DNSCrypt, New Technology Poised to Positively Impact Security and Privacy of Internet Users As SSL Did for Web Traffic, Address the Elephant in the Room of DNS Security

  (December 06, 2011)

San Francisco, CA (PRWEB) December 06, 2011

OpenDNS, the world's largest and fastest-growing provider of Internet security and DNS services that deliver a safer, faster and more intelligent Internet experience to everyone, today unveiled a preview of DNSCrypt, a new technology that dramatically improves both the security and privacy of Internet users, particularly those on unsecured wireless hotspots and residential ISP networks. The technology is being open-sourced by OpenDNS and starting today developers are encouraged to access the code on for review and improvements.

DNS has historically been one of the many insecure parts of the Internets critical infrastructure even considering decade-plus attempts to improve it with technologies like DNSSEC. Despite DNSSEC, and the global improvements resulting from Dan Kaminskys discovery of a critical flaw in the DNS, there remains an inherent insecurity in the DNS protocol itself: it is transported in plaintext, unencrypted and in the open. This insecure connection between the end user and their DNS resolver, which might be described as the last mile, is ripe for abuse, and has been abused in the past. The insecure nature of that last mile connection enables an array or attacks and privacy violations. In truth, Internet users have very little privacy when accessing the Internet on unsecured wireless networks and as a result, are left highly vulnerable.

DNSCrypt is significant because it encrypts all DNS traffic between Internet users and OpenDNS, the worlds largest DNS service, today chosen by more than 30 million people or roughly 2 percent of the worlds Internet users. This technological advancement thwarts efforts by attackers, or even Internet Service Providers (ISPs), from spying on DNS activity, or worse, maliciously redirecting DNS traffic.

In the same way the SSL turns HTTP Web traffic into HTTPS encrypted Web traffic, DNSCrypt turns regular DNS traffic into encrypted DNS traffic that is secure from eavesdropping and man-in-the-middle attacks. It doesn't require any changes to domain names or how they work, it simply provides a method for securely encrypting communication between Internet users and OpenDNS servers in the OpenDNS data centers.

DNSCrypt protects Internet users and prevents three primary threats and privacy violations:

Spying: Attackers, ISPs and governments regularly use DNS to spy on Internet users online activity. OpenDNS security experts see this principal privacy violation occur frequently around the world, including in the United States. DNSCrypt prevents this spying, and attempts to thwart known DNS replay, observation, and timing attacks.

Man-in-the-middle attacks: The term describes when an attacker intercepts communication and impersonates both the Internet user and the website he or she is visiting. DNSCrypt prevents man-in-the-middle attacks by preventing insertion of unauthenticated and unencrypted DNS packets, giving Internet users greater confidence in the authenticity of the websites theyre visiting.

Resolver impersonation: Its possible that ISPs or other intermediaries could hijack DNS traffic destined for sites like OpenDNS, Google, and others transparently. Its important that users who choose to use a third-party DNS service have the confidence in knowing their packets are being answered by their designated third-party and are not being re-routed and answered fraudulently.

DNSCrypt is a critical advancement for the DNS, for global Internet security efforts and for the Internet at large, said OpenDNS CEO David Ulevitch. The technology empowers Internet users to secure their own Internet and DNS use and protect themselves from nefarious activity that happens through their DNS connection, but also to insulate themselves from their Internet Service Providers uninhibited access to their DNS activity and domain lookup history. All Internet users have a right to privacy and DNSCrypt gives them both that and a heightened level of security.

I encourage developers to get involved with DNSCrypt, and use their skills to help make the Internet a more privacy-rich and safe place, he continued.

At current, DNSCrypt is available for Mac. Downloads, code and more information can be found at

About OpenDNS
OpenDNS is the world's leading provider of Internet security and DNS services, enabling the world to connect to the Internet with confidence on any device, anywhere, any time. OpenDNS provides millions of businesses, schools and households with a safer, faster and more intelligent Internet experience by protecting them from malicious Web threats and providing them control over how users navigate the Internet, while dramatically increasing the network's overall performance and reliability. For more information about OpenDNS, please visit:


Read the full story at

Page: 1

Related Keywords:computer crime, computing and information technology, satellite technology, wireless technology, science and technology, technology (general), identification technology, agricultural research and technology, computing and information technology, satellite technology, wireless technology, company information, science and technology, technology (general), identification technology, agricultural research and technology, non government organizations (NGO), national government, government departments, government, security measures, national security, social security, government health care, government debt, government aid, security, government contract,

Content-type: text/html  Rss  Add to Google Reader or
Homepage    Add to My AOL  Add to Excite MIX  Subscribe in
NewsGator Online 
Real-Time - what users are saying - Right Now!

Our Privacy Policy --- @ Copyright, 2015 Digital Media Online, All Rights Reserved