DNSSEC: One in Ten Swedish Domains Secure against Phishing

STOCKHOLM, January 2, 2012 /PRNewswire/ --

Swedish hosting provider Binero has DNSSEC-signed all customer .se-domains, increasing the total amount of signed .se-domains from 5000 to more than 100 000. Nearly one in ten Swedish domains are now validated against attacks with manipulated dns-information, like phishing. The .se-registry, .SE has long called for DNSSEC to be introduced. Binero offers the DNSSEC-validation free of charge and becomes the second largest provider in the world for DNSSEC-signed domains. When more actors follow this example, the entire .se-domain zone may become the first to be fully signed.

"DNSSEC-validation will not gain general acceptance as long as it is offered by few, often at an additional cost. At Binero we want to do better than that, so we offer all our customers DNSSEC-validation free of charge for domains registered through us. We hope our industry colleagues will follow our example", said Binero founder and CEO, Anders Aleborg.

It has long been possible to manipulate the information between the recursive resolver name server and the web browser (DNS-cache poisoning). It is a known way to divert internet traffic in order to steal the mail- or credit card information of visitors (phishing).

A solution to this is to DNSSEC-validate the domain zone. When a domain name is requested by a browser, the signature is checked against a key with the party responsible for the domain zone in question. Most Swedish internet service operators (ISP:s) have DNSSEC-validated resolvers today, but few other than them. As of November 2011, there were still only 5089 validated .se-domains, in spite of the top domain administrator, .SE having called for DNSSEC-adoption since 1999. .SE warned of manipulated dns-information among .se-domains as late as December 2011.

"In 2011 alone, five SSL-certificate providers or their resellers have had problems with unreliable certificates, and the problem is increasing as more money is invested online", said Anne-Marie EklundLöwinder, Chief Security Officer with .SE, referring to among others the Diginotar case where several global mail services where among the ones with false certificates.

This month, Sweden's third largest reseller of .se-domains, Binero hosting has DNSSEC-signed the .se-domains of all customers, nearly 100 000 without charging anything extra.

"This DNSSEC-validation along with the one by ISP:s increases security both directly and also indirectly, by increasing the ability to reliably spreading security attributes like ssh-keys, SSL-certificates and similar. We applaud the registrars who have gone ahead and DNSSEC-validated and we expect DNSSEC to become a compulsory requirement for registrars as well as for customers during 2012", said Danny Aerts, CEO of the .SE Registry.

You can check if a .se-domain is DNSSEC-secured on  http://dnscheck.iis.se/

For more information, please contact:
Anders Aleborg, CEO, Binero, +46(0)76-804-42-00, anders.aleborg@binero.se
Erik Arnberg, Marketing Manager, Binero, +46(0)70-398-75-34, erik.arnberg@binero.se
Maria Ekelund, Head of Communications, .SE, +46(0)70-777-44-87, maria.ekelund@iis.se
A-MEklundLöwinder, Head of Quality and Security, .SE, +46(0)8-452-35-17, anne-marie.eklund-lowinder@iis.se