The DNSSEC specification was released in 2005 to help secure our DNS infrastructure and protect domains from being spoofed by implementing a PKI similar to what is used for SSL Certificates. Fast-forward to now and everyone is using it, right? Wrong. Not only are less than 1% of major websites using DNSSEC, but those that are arguably weaken their security posture by exposing all of their domains to reconnaissance by bad actors. In this talk we will walk through the history of DNSSEC, why its adoption has stalled, weaknesses in the spec and what we can learn to help build better systems to protect our DNS.
Alfredo leads the Research and Development Team at SecurityScorecard, focused on collecting observational data (non-intrusively) that provides insight into organizations' security posture. Previously he has spent time as a security consultant at VSR, performing all manner of penetration testing, and as a Vulnerability Research Engineer at Tenable Network Security.