Internet DNS Flaw Serious Security Issue

According to security researcher Dan Kaminsky, the DNS protocol vulnerability is more serious than previously expected.

By: Jerry Carter

Published: Aug 7, 2008

Updated: Sep 2, 2010

Everything we do on the Internet involves a DNS (Domain Name System) request and is therefore vulnerable, making it urgent that everyone patch their systems.

Dan Kaminsky is the director of penetration testing for IOActive and was speaking before a packed audience on August 6th at the Black Hat conference. Kaminsky is the same researcher who found the DNS protocol vulnerability several years ago, but now he says that the flaw is much worse than he first expected.

Though vendors worked together to coordinate the release of a patch in July, the flaw means that the level of security taken for granted today may not always be there. The concern is that an attacker could act as a man in the middle, sitting between you and the site you are visiting, or the email that you are sending or receiving.

Kaminsky went on to say that offhand there are about fifteen ways of running an attack, and added that there are likely more. He said it has always been thought hard to poison DNS records, but really the process is like a race between a good guy and a bad guy trying to get the secret transaction ID number.
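The race for the transaction ID can be watched from the resolver's side: the ID is a 16-bit field at the start of every DNS message, and a run of replies carrying the wrong ID for a name that is being looked up suggests someone is guessing. The sketch below is an added example, not code from the article or from Kaminsky's talk; the names, IDs, packets and the threshold of three are constructed for illustration.

```python
import struct
from collections import Counter

def build_response(txid, qname):
    """Build a minimal DNS response: 12-byte header plus one question (constructed data)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_response(packet):
    """Return (transaction ID, is_response, question name) from a raw DNS message."""
    txid, flags = struct.unpack("!HH", packet[:4])
    pos, parts = 12, []
    while packet[pos] != 0:                      # walk the length-prefixed labels
        length = packet[pos]
        parts.append(packet[pos + 1:pos + 1 + length].decode())
        pos += 1 + length
    return txid, bool(flags & 0x8000), ".".join(parts)

def classify(outstanding, packets, threshold=3):
    """outstanding maps each name the resolver asked about to the ID it sent.
    Returns (names answered with the right ID, names that drew >= threshold bad replies)."""
    pending, wrong, accepted = dict(outstanding), Counter(), []
    for pkt in packets:
        txid, is_response, qname = parse_response(pkt)
        if not is_response:
            continue
        if pending.get(qname) == txid:           # right ID: first match wins the race
            accepted.append(qname)
            del pending[qname]
        else:                                    # wrong ID or no query outstanding
            wrong[qname] += 1
    return accepted, sorted(q for q, n in wrong.items() if n >= threshold)

# Constructed sample: two lookups in flight; one attracts a run of guessed IDs.
SAMPLE_OUTSTANDING = {"www.example.com": 0x1A2B, "mail.example.com": 0x0042}
SAMPLE_PACKETS = (
    [build_response(guess, "www.example.com") for guess in (1, 2, 3, 4)]
    + [build_response(0x1A2B, "www.example.com"),
       build_response(0x0042, "mail.example.com")]
)

if __name__ == "__main__":
    ok, suspicious = classify(SAMPLE_OUTSTANDING, SAMPLE_PACKETS)
    print("accepted:", ok)
    print("flagged:", suspicious)
```

A name that is both answered and flagged, as `www.example.com` is here, is the case to investigate: the genuine reply arrived, but only after several wrong guesses.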


Kaminsky explained that there are three stages to computer hacking. The first is to attack the servers; the second is to attack the browsers, for example through JavaScript or ActiveX. The third stage is where the hacker is able to attack everything else. That is the stage we are now entering, and everything else is completely possible.

Kaminsky said that when a site wants to establish a Trust Authority Certificate with a Certificate Authority, the authority uses email to confirm the identity of the requester, so all an attacker has to do is own the DNS. At that point it is also possible to poison Google Analytics and Google AdSense, because they rely on DNS lookup.

In fact, almost everything now relies on DNS lookup. If you type the name of a company into a browser followed by .com, the DNS will resolve it to its numerical address. The same is true of email, or when we log on to a website. The DNS is the circle of trust on the Internet, and Kaminsky has found that it can be broken much more easily than we had earlier feared.
