Friday, February 20, 2009

Researcher: DNS Sucks Major Ass


"Exploits for a serious cache-poisoning vulnerability discovered in the Domain Name System (DNS) last year have begun to appear in the wild, and they have made security researcher Dan Kaminsky a believer in DNS Security Extensions (DNSSEC).

"Kaminsky, director of penetration testing at IOActive, Inc., last year discovered the vulnerability in the DNS that underpins the Internet and helped to engineer the release of a patch for it. The patch, which introduced more port randomization into DNS servers, was merely a quick fix and Kaminsky said he has come to the conclusion that no security technology except DNSSEC can scale well enough to fix the problem.

"The problem with DNSSEC is that it is difficult to deploy and manage, and it has been adopted only slowly and reluctantly..."


Read more at GCN...
