Internet hasn’t been this insecure in over 10 years, or so they say
Internet security researcher Dan Kaminsky spoke at the annual Black Hat conference in Las Vegas recently about a major security flaw he says is the worst he’s seen in over 10 years. The problem, he states, lies in the DNS system we use today in which web addresses are re-directed to numerical IP addresses. This process can be so easily corrupted, that it poses a serious threat all across the board.
According to the LA Times, Kaminsky put together an industry-wide effort to introduce patches from Microsoft, Cisco, Sun Microsystems and other major technology vendors, for customers to begin applying after he issued a public warning about the issue about a month ago.
Kaminsky believes that the numerical elements of our DNS system provides instant access for hackers to manipulate it and send users to imitation websites, or worse yet, install malicious software on the user’s computer. Kaminsky also showed how this flaw could be used to attack places that some professionals had believed immune. A prime example; the Secure Sockets Layer, signified by “https://” at the beginning of a website address, could be manipulated to fool the authentication companies into displaying a security certificate to users.
Kaminsky got standing ovations for his discovery of the flaws in the DNS system, which makes me wonder why this is such ground-breaking new information. I thought it was always known that by directing web addresses to unique IP addresses posed a security threat. Apparently not, or maybe the severity of the problem just hadn’t been recognized. Either way, there still needs to be a solution. Home PC users are at the highest risk, as enterprise systems are receiving bug fixes from Kaminsky’s on-going initiative. Now, it’s just a matter of time before those fixes make their way into the home sector, and the problem will hopefully be diminished. I guess we’ll see what happens.
Related Posts:
