Well here we are on Cyber Monday. A search of that term yields a virtual mall of shopping sites and sponsored links. Black Friday sites also pop up. There certainly is money to be made from online shopping. It even has a sponsor, the National Retail Federation's Shop.org division.
The term Cyber Monday originates from the presumption that workers are spending today shopping online using their computers at work. Employers are doing their part to keep the economy moving along, but I’m not sure if they are as keen on the concept.
With retail increasingly dependent on a safe and secure internet, one would think there would be great interest in a simple and inexpensive way to ensure their customers arrive at the correct web site. According to USA Today, phishing attacks soared 300% during the Thanksgiving time period in 2007 and are expected to be worse this year. And there are many other ways that shoppers can be redirected.
However, during this shopping season virtually zero retail sites employ DNSSEC. DNSSEC would authenticate the online web sites for shoppers so they could be sure they were at the correct place with no man in the middle spying on them.
Why don’t retailers deploy DNSSEC? It’s inexpensive and simple to deploy and provides a great deal of comfort for customers. Retailers have not deployed DNSSEC because virtually none of the infrastructure providers outside of Sweden have deployed DNSSEC. The .com, .us and .net top level domains are not yet signed with DNSSEC. By not signing these domains, adoption of DNSSEC by individual web sites is complicated.
All of this will probably change within the next year. The US Government will be deploying DNSSEC in the .gov domain, the Public Interest Registry will deploy it in the .org domain, and Afilias will deploy it in the .info domain. Undoubtedly DNSSEC will be deployed in the .com domain by VeriSign. Secure shopping is a key part of their mission.
But until 2009, here is a link to ABC News on how to make Cyber Monday a (relatively) safe one.
Comments