Thoughts 07 Aug 2008 10:27 am
DNS Flaw
Dan Kaminsky discovered a way for malicious hackers to hijack DNS and re-direct people to fake pages even if they typed in the correct address for a website.
After publicly announcing a flaw in the DNS system and suggesting patches, Mr. Kaminsky, speaking at the Black Hat conference here in Las Vegas, said fixes for the flaw in the net’s Domain Name System (DNS) had focused on web browsers, but it could be abused by hackers in many other ways.
In his lecture Mr Kaminsky detailed 15 other ways for the flaw to be exploited.
Kaminsky also said that 75% of Fortune 500 companies have fixed the problem while around 15% have done nothing.
–I wonder what happened to the other 10%?–
Taking a different tack, VeriSign, which issues many of the security certificates used in SSL, said the whole thing was nothing but hype. They maintain 2 of the 13 master DNS servers and say they’ve long since engineered around the problem.
–That’s only 2 out of 13. And why do the “I’m invincible” statements worry me?–
Mr Silva at VeriSign went on to say that even though patches have been put in place, this doesn’t mean users can sit back and relax.
“The biggest gap in security rests between the keyboard and the back of the chair,” he said.
–Amen brother–
“Social engineering - because there’s no patch for stupid.”