IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Timeline: Kaminsky’s DNS vulnerability

Is the internet fatally flawed? IT PRO looks at how isolated attacks on Domain Name System servers have risen in profile to become one of the most talked about threats in 2008.

A vulnerability affecting the internet Domain Name System (DNS) discovered by Dan Kaminsky became the most high profile security threat of 2008.

He saw that there was a fatal flaw affecting the DNS - which translates web addresses to IP addresses. Users could be sent to malicious sites even if they typed in legitimate addresses and the potential for system-wide problems resulted in an unprecedented multi-vendor effort to create patches for the problem.

But DNS attacks are nothing new. The DNS looks to have problems which still haven't been fully solved, and we trace how the issue has progressed from isolated attacks to the story dominating security for the past couple of months.

February 2007: Hackers take aim at internet root serversAn attack was made on the DNS servers of three of the 13 computers that manage traffic on the internet in a 12-hour Denial of Service (DoS) attack. It was thought to be the one of the biggest seen in four years.

April 2007: New bug hits Windows DNS serviceVulnerability found in the Windows 2003 server which could allow hackers to take over servers and run remote code.

November 2007: DNS servers still vulnerableA study claims that although DNS servers are increasing and modernising, they are still vulnerable to attacks.

July 2008: DNS protection not good enoughDan Kaminsky claims that researchers are not providing enough protection for the DNS security hole which he discovered. Kaminsky's approach was different in that the fact it could speed up attacks and was more potent than seen previously. Kaminsky kept quiet about the flaw for six months, allowing a multi-vendor patch effort involving Microsoft, Sun and Cisco.

July 2008: DNS attacks 'imminent' warns MicrosoftMicrosoft warns that the publication of exploit code has increased the chance of attack.

August 2008: Apple's patch fails to fully protect against DNS flawApple's belated attempt to create a patch for the DNS system problem does not completely solve the problem, say experts.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Cisco to exit Russia, Belarus in business wind-down
Business operations

Cisco to exit Russia, Belarus in business wind-down

24 Jun 2022
WAN Insights is Cisco’s first foray into predictive network intelligence
Network & Internet

WAN Insights is Cisco’s first foray into predictive network intelligence

16 Jun 2022
Cisco unveils new ‘intelligent’ approach to networking with brace of product launches
Network & Internet

Cisco unveils new ‘intelligent’ approach to networking with brace of product launches

16 Jun 2022
Deepfake attacks expected to be next major threat to businesses
phishing

Deepfake attacks expected to be next major threat to businesses

16 Jun 2022

Most Popular

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
The benefits of a hardware update for SMBs
Sponsored

The benefits of a hardware update for SMBs

2 Aug 2022