Kaminsky flaw fixed for .com and .net by 2011

Verisign anticipates an industry-wide effort to finally rid the net of the Kaminsky flaw.

world wide web address

DNSSEC, the long-term solution to the Kaminsky vulnerability, should be completed for .com and .net domains by the first quarter of 2011.

So claims internet infrastructure company Verisign, which said it had made rolling out DNSSEC a "strategic priority," working with ICANN and business communities in a "collaborative industry-wide effort".

The Kaminsky vulnerability made headlines in 2008 for affecting the internet Domain Name System (DNS), which changes web addresses to IP addresses.

The flaw meant that users could be sent to malicious sites even if they typed in legitimate addresses, and forced a multi-vendor effort to fix the problem.

DNSSEC adds an extra layer of cryptography, which enables organisations to digitally sign their DNS data.

"This means that name servers that support DNSSEC can cryptographically authenticate and check the integrity of that data," said Cricket Liu, vice president of architecture at Infoblox.

"That makes things like the Kaminsky vulnerability, which is a cache poisoning attack, impossible to carry out."

Liu said that, up until recently, it had been difficult to put DNSSEC into place as it was "complex".

"Tools that you would use to digitally sign the DNS data have been fairly rudimentary," he said.

According to Infoblox's annual DNS survey, released on the same day as Verisign's announcement, the number of DNSSEC signed zones had increased by approximately 300 per cent.

Liu said: "In terms of the percentage it is pretty impressive, but in terms of the absolute zones that have been signed, it is pretty small."

"We'd really like to see the adoption continue to increase," he added.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

IT retailer faces €10.4m GDPR fine for employee surveillance
General Data Protection Regulation (GDPR)

IT retailer faces €10.4m GDPR fine for employee surveillance

18 Jan 2021
Should IT departments call time on WhatsApp?
communications

Should IT departments call time on WhatsApp?

15 Jan 2021
BT faces £600m class-action lawsuit for 'overcharging'
Policy & legislation

BT faces £600m class-action lawsuit for 'overcharging'

18 Jan 2021