DNS flaw is much worse than first thought

Discussion in 'News' started by Kitkatninja, Aug 7, 2008.

  1. Kitkatninja
    Highly Decorated Member Award 500 Likes Award

    Kitkatninja aka me, myself & I Moderator

    11,143
    559
    383
    Aug 7, 2008 #1

    DNS flaw is much worse than first thought



    IN A TALK at the Black Hat conference in Las Vega on Wednesday, security researcher Dan Kaminsky said that the systemic Internet Domain Name System (DNS) vulnerability he discovered some months ago is much more dangerous than most have appreciated.

    "Every network is at risk," Kaminsky told the overflow crowd gathered for his presentation. "That's what this flaw has shown." He said that what little he'd initially revealed about the DNS vulnerability, and the later leak of more details about it, was only the tip of an iceberg that he called the worst Internet security risk to surface since 1997.

    The initial worry has been the danger that hackers could exploit the DNS cache poisoning vulnerability that Kaminsky found to hijack web browsers and route unsuspecting wibblers to malicious websites harboring phishing or malware attacks.

    To read the whole read, see here. This is to follow on from this news post.

    -Ken
     
    Certifications: MSc, PGDip, PGCert, BSc, HNC, LCGI, MBCS CITP, MCP, MCSA, MCSE, MCE, A+, N+, S+, Server+
    WIP: MSc Cyber Security
porta2_tags:

Comments

    1. Crito
      Crito
      Hacker discovers "flaw" is just a common bug and fixes it by changing one character.
      http://it.slashdot.org/article.pl?no_d2=1&sid=08/08/29/127210

      Aug 29, 2008
      #2
    2. hbroomhall
      hbroomhall
      There seems to be a lot of argument about this patch, as it changes the way BIND works.

      I'm not expert enough in BIND to have an informed view, but it seems to me from comments I've seen that not everyone agrees that this is a 'root cause' or even the 'right thing to do'.

      Harry.
      Aug 29, 2008
      #3
    3. onoski
      onoski
      This has been discussed previously in another post started by Freddy and hence the end of it he has not signed into CF:) since then. Please, let it die, die:)
      Aug 29, 2008
      #4

    Share This Page

Remove Advertisement - Premium Membership
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...