Everything we do on the Internet invloves the DNS or Domain Name System request and is vulnerable making it urgent that everyone patch their systems. According to security researcher Dan Kaminsky, the DNS protocol vulnerability is more serious than previously expected.

Internet DNS Flaw Serious Security Issue

By Jerry Carter
Aug 7, 2008 19:09 PM GMT
Everything we do on the Internet invloves the DNS or Domain Name System request and is vulnerable making it urgent that everyone patch their systems.

According to security researcher Dan Kaminsky, the DNS protocol vulnerability is more serious than previously expected.

Dan Kaminsky is the director of penetration testing for IOActive and was speaking before a packed audience on August 6th at the Black Hat conference. Kaminsky is the same researcher that found the DNS protocol vulnerability several years ago, but now he says that the flaw is much worse than he first expected.

Though vendors worked together to coordinate a release of a patch in July, the flaw means that the current level of security that is taken for granted today may not always be there. The concern is that there is a concern that there could be an attacker that is the man in the middle, between you and the site you are going to, or the email that you are sending or receiving.

Kaminsky went on to say that off hand there are about fifteen ways of running an attack, but Kaminisky added that there are likely more. He said it has always been thought hard to poison DNS records, but really the process is like a race between a good guy and a bad guy trying to get the secret transaction ID number.

Kaminsky explained that there are three stages to computer hacking. the first is to attack the servers, the second is to attack the browsers such as Javascript or ActiveX. But in the third stage is where the hacker is able to attack everything else and that is the stage that we are now entering and everything else is completely possible.

Kaminsky said that if a site wanted to establish a Trust Authority Certificate with a Certificate Authorities, and they use email to confirm the ID of the requester. And all he has to do is own a DNS. At that point it is then possible to poison Google Analytics and Google AdSense as well because they rely on DNS lookup.

In fact most everything now relies on DNS lookup. If you type a name of a company into a browser followed by a .com, the DNS will resolve it to it's numerical address. This is also true with email or when we log onto a website. The DNS is the circle of trust on the Internet, and Kaminsky has found how it can be broken much more easily than we had earlier feared.

Filed Under:   Internet News   Technology News


Share Article Link:
Digg Windows Live Favorites MySpace Facebook del.icio.us Reddit Buzz Yahoo MyWeb Google Mixx StumbleUpon propeller Twitter

Send Link via Email:
Google Gmail Yahoo Mail Microsoft Live/Hotmail AOL Mail



Everything we do on the Internet invloves the DNS or Domain Name System request and is vulnerable making it urgent that everyone patch their systems.
Top Images:
GameSHOUT's Holiday Gamer Gear Guide
Review
PC Review: World of Warcraft: Wrath of the Lich King
Review
PC Review: Atlantica Online
Review
PS3 Review: Valkyria Chronicles
Review
PC: Nearly a Quarter of WoW Subscribers Upgrade On Day One
Blizzard Entertainment
Xbox 360 Review: 007: Quantum of Solace
Review
Xbox 360 Review: Spider-Man: Web of Shadows
Review
PS3 Review: Resistance 2
Review
PS3 Review: PS3 Review: Naruto: Ultimate Ninja Storm
Review