Thursday, August 07, 2008

Flaw in domain name system [DNS] exploitable

The Washington Post [Brian Krebs ] noted that about one month ago, on 8 July 2008, Microsoft, Cisco, Sun Microsystems and dozens of other Internet companies shipped software updates to fix a fundamental design flaw in DNS, the communications standard that acts as a kind of phone book for the Internet, translating human-friendly Web site names like into numeric addresses that are easier for networking equipment to handle and route.

HOWEVER, Dan Kaminsky discovered a fairly trivial way that bad guys could corrupt records found in the domain name system (DNS) and fill them with inaccurate information. IPBiz notes that law reviews have been filling their pages with inaccurate information for quite a while. Contrary to a 2005 article in the Stanford Law Review, Gary Boone did not invent the integrated circuit.

SEPARATELY, Kaminsky showed how the flaw could also be used to intercept or manipulate e-mails.

The Krebs paper has a link to a PowerPoint by Kaminsky, which mentions the DNSRake.


Post a Comment

<< Home