The biggest Internet security hole you never heard of…
By Davey Winder in Editorial
Posted in Blog, Security, Internet on
Over six months ago a penetration tester for a security outfit almost literally stumbled upon a fundamental security issue with the Internet or, to be more precise, with the Domain Name System (DNS) that we all rely upon for the damn thing to work properly. That researcher, Dan Kaminsky, describes it as being such a big problem because the system is doing what it is meant to do, what it was designed to do, and so the vulnerability will simply be repeated by every vendor involved in the DNS business.
So serious was this design flaw that Kaminsky says it could give any attacker who exploits it the power to replace any web site with a malicious one, and nobody would be any the wiser.
Which is why he did the decent thing and did not go mouthing off on some ‘security blog’ about it before it had been fixed. Instead he went straight to the big boys in the business (Microsoft, Cisco, Juniper etc.) and asked them to work together to fix the problem.
I can only say that I am pleased to report they did just that. And this week a number of hardware vendors have simultaneously released patches to seal the DNS security deal. Microsoft, for example, included the fix in its scheduled Patch Tuesday updates.
It is expected that all major ISPs will have applied the necessary ointment to the DNS within 30 days. Which is probably why neither Kaminsky nor the vendors have gone into technical specifics.
If you are truly curious, then the most information currently available can be found at CERT, which issued a National Technical Cyber Security Alert on Tuesday.
Meanwhile, Dan ‘the man of the moment’ Kaminsky has made a browser-based DNS exploit checking tool available on his website for anyone who wants to see if they are still vulnerable or not.
Comment by - July 10, 2008 on 12:21 am
The patch for Windows causes problems for security software like ZoneAlarm, not unexpectedly; I suppose it’s also to be expected that users are criticising Microsoft for the interaction rather than either understanding that it’s a security issue or, if appropriate, criticising the other software vendor…
Pingback by - August 2, 2009 on 9:54 pm
[…] Kaminsky, yes the same Dan Kaminsky who uncovered the biggest DNS flaw ever last year, was also presenting on SSL insecurity. Along with Len Sassaman he managed to fool one Certificate […]
Pingback by - August 4, 2009 on 8:01 am
[…] Kaminsky, yes the same Dan Kaminsky who discovered the biggest flaw ever found in DNS last year, was also presenting on SSL insecurity. Together with Len Sassaman they managed to […]
Pingback by - February 12, 2010 on 10:04 am
[…] providing proof that the query has not been modified in transit. This is increasingly important as the bad guys start targeting the data in DNS caches which, without such measures, is now hugely vulnerable to attack. OpenDNSSEC has been […]

