We’re the DNSSEC Experts.

We are an active contributor to DNS(SEC) standards, and the ONLY commercial DNSSEC vendor consulted on signed root deployment.

Our corporation's expertise is in accelerating the design, development and deployment of usable secure systems, based on open protocols and standards based security.
Our products make DNSSEC compliance simple, simple, simple, with a GUI second to none.
Learn More >

What They’re Saying

“DNSSEC needs to be far more automated than it is today. The Xelerance DNSX appliances address this issue.”
-- Dan Kaminsky

Upcoming Event:

Xelerance

Three large scale DNS attacks launched against Brazilian internet users

Posted November 10, 2011 in news

Cable modem customers had their DNS traffic modified andwere redirected to malicious sites all over Brazil. In the last few months, a
series of DNS attacks involving cache poisoning emerged there.

In these instances, cable ISP customers had hackers update their cable modem settings to change the DNS servers to malicious servers used to redirect the users.

One national ISP suffered from cache poisoning in their national DNS infrastructure inflicted by one of their employees, also resulting
in customers being redirected to malicious websites.

These large scale DNS cache poisoning attacks are becoming more common place all over the world and there are no safe havens.

Hackers can target their cache poisoning attacks at either the DNS servers that resolves the domain names of organizations such as banks, insurance companies and online retailers, or they can target their attacks at the client end such as cable modems or other ISP provisioning servers.

Content providers such as banks and financial institutions can drastically reduce their exposure to these attacks if they implement the DNS Security Extension (DNSSEC) allowing their customers to validate their signed DNS records. Their customers would have been protected from these redirection attacks, as their computers and phones would not have believed the poisoned DNS answers in these Brazilian attacks.

Apart from domain owners deploying DNSSEC to protect their domains, endusers can protect themselves by  deploying DNSSEC on their own laptop. Browsers such as Google Chrome and Mozilla Firefox are working on DNSSEC integration. However; until these vendors catch up, users can install their own protection on laptops running Windows, OSX and Linux. One such addon, “dnssec-trigger”, ensures a user gets full DNSSEC protection, no matter what network or wireless network they use.
http://www.nlnetlabs.nl/projects/dnssec-trigger/

About DNSSEC:
DNS Security Extension (DNSSEC) adds security to DNS while maintaining backwards compatibility. DNSSEC was designed to protect Internet users from forged DNS data, such as that created by DNS cache poisoning. All answers in DNSSEC are digitally signed.

Checking the digital signature of DNS, a computer is able to check if the DNS information was tampered with or not

About Xelerance:
Headquarteredin Ottawa, the high-tech capital of Canada, Xelerance provides products and services to secure the internet. Its products include DNSX Secure Signer, whichwon the Best Security Hardware award at FOSE 2010, and DNSX Secure Resolver.

Login