Kaminsky's DNS Vulnerability Much Worse Than Previously Thought

The much touted Domain Name Server (DNS) vulnerability seems to be more dreadful than being speculated so far.

Addressing the Black Hat conference in Las Vegas, Kaminsky, Director of Penetration Testing for IOActive, unveiled the details of the DNS flaw, and stated that the attacks he discovered are seem to be more effective than mere phishing intrusions.

The vulnerability hovers around the ‘cache positioning attacks’ that include tricking the DNS to identify the misleading URLs, and thereby rerouting the server’s traffic to a malicious website.

In addition to cache positioning attacks, the vulnerability also allows the cyber criminals to exploit IPSec VPNs, spam filters, VoIP applications, automatic software update systems, SSL certifications, and other such entities, Kaminsky added.

Kaminsky has mentioned the need for an advanced security application, as the current recommended solution, randomizing the source port, is not more than a stopgap solution for this precarious problem.

He also warned that DNS vulnerability is just one of the several potential flaws that are going to hit us in future, mainly pertaining to fundamental flaws in the system.