VeriSign is the world's largest digital certificate authority and is steward of the A and J root servers (two of the 13 computers representing the top of the Internet's hierarchy). With 40 percent of North American e-commerce payments going through its gateways, 100 percent of .com registrars running 15 billion queries a day through its system, and 50 percent of North American cellular roamings going through its servers, VeriSign has a significant role in seeing that the Internet infrastructure runs securely.

Over the years, the root DNS servers have proven vulnerable to domain name spoofing (through a technique called DNS cache poisoning) and Distributed Denial of Service attacks (the latter of which came to light during a concerted effort to take down the DNS root servers in 2002). Not to mention the search query redirect debacle in 2003, in which VeriSign took advantage of its position as DNS manager and forcibly rerouted all unresolved search queries to a paid-for advertising site created by a dubious spammer. This forced redirect broke a lot of DNS servers and raised such a ruckus that VeriSign shut down the service barely a week after it went live.

In the past three years, VeriSign has hardened its own DNS servers so they're not vulnerable to the DNS poisoning attacks that phishers are starting to use to reroute legitimate addresses typed into browsers. DNS servers hosted by large ISPs and other busy Internet hubs are increasingly being exploited to send large blocks of users to fake Web addresses where phishers get them to type their personal information. The trend was reported in January, when the Anti-Phishing Working Group reported that DNS poisoning was used to redirect Google and Amazon users to a phony pharmacy site.

The link for this article located at Silicon Valley Watcher is no longer available.