AOH :: ISNQ6009.HTM

Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole




Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole
Experts Accuse Bush Administration of Foot-Dragging on DNS Security Hole



http://blog.wired.com/27bstroke6/2008/08/experts-accuse.html 

By Ryan Singel 
Threat Level
Wired.com
August 13, 2008

Despite a recent high-profile vulnerability that showed the net could be 
hacked in minutes, the domain name system -- a key internet 
infrastructure -- continues to suffer from a serious security weakness, 
thanks to bureaucratic inertia at the U.S. government agency in charge, 
security experts say.

If the complicated politics of internet governance continue to get in 
the way of upgrading the security of the net's core technology, the 
internet could turn into a carnival house of mirrors, where no URL or 
e-mail address could be trusted to be genuine, according to Bill 
Woodcock, research director at the nonprofit Packet Clearing House.

"The National Telecommunications and Information Administration, an 
agency of the Department of Commerce, is the show-stopper here," 
Woodcock said.

At issue is the trustworthiness of the domain name system, or DNS, which 
serves as the internet's phone book, translating queries such as 
wikipedia.org into the numeric IP address where the site's server lives.

Just weeks ago, security researcher Dan Kaminsky announced he'd 
discovered a way for hackers to feed fake info into DNS listings, which 
would allow hackers to redirect web traffic at will -- for example, 
routing every person attempting to log in to the Bank of America to a 
fake site controlled by the attacker.

Kaminsky quietly worked with large tech companies to build patches for 
the net's name servers to make the attack more difficult. But security 
experts, and even the NTIA, say those patches are just temporary fixes; 
the only known complete fix is DNSSEC -- a set of security extensions 
for name servers.

[...]


__________________________________________________      
Visit Defcon Pics - Defcon Memory Repository 
http://www.defconpics.org 

Site design & layout copyright © 1986-2014 CodeGods