Skip to main content

Kaminsky's DNS Vulnerability Much Worse Than Previously Thought

The much touted Domain Name Server (DNS) vulnerability seems to be more dreadful than being speculated so far.

Addressing the Black Hat conference in Las Vegas, Kaminsky, Director of Penetration Testing for IOActive, unveiled the details of the DNS flaw, and stated that the attacks he discovered are seem to be more effective than mere phishing intrusions.

The vulnerability hovers around the ‘cache positioning attacks’ that include tricking the DNS to identify the misleading URLs, and thereby rerouting the server’s traffic to a malicious website.

In addition to cache positioning attacks, the vulnerability also allows the cyber criminals to exploit IPSec VPNs, spam filters, VoIP applications, automatic software update systems, SSL certifications, and other such entities, Kaminsky added.

Kaminsky has mentioned the need for an advanced security application, as the current recommended solution, randomizing the source port, is not more than a stopgap solution for this precarious problem.

He also warned that DNS vulnerability is just one of the several potential flaws that are going to hit us in future, mainly pertaining to fundamental flaws in the system.

Désiré Athow
Désiré Athow

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.