AOH :: IS1743.HTM

Domain Name System still less than secure

Domain Name System still less than secure
Domain Name System still less than secure

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By William Jackson
Feb 19, 2009

DNSSEC is the only practical solution to fixing DNS, but it is not yet 
practical enough

Exploits for a serious cache-poisoning vulnerability discovered in the 
Domain Name System (DNS) last year have begun to appear in the wild, and 
they have made security researcher Dan Kaminsky a believer in DNS 
Security Extensions (DNSSEC).

=E2=80=9CI=E2=80=99ve never been a DNSSEC supporter,=E2=80=9D Kaminsky said today at the Black 
Hat Federal security conference being held in Arlington, Va. =E2=80=9CAt best, 
I=E2=80=99ve been neutral on the technology.=E2=80=9D

Kaminsky, director of penetration testing at IOActive, Inc., last year 
discovered the vulnerability in the DNS that underpins the Internet and 
helped to engineer the release of a patch for it. The patch, which 
introduced more port randomization into DNS servers, was merely a quick 
fix and Kaminsky said he has come to the conclusion that no security 
technology except DNSSEC can scale well enough to fix the problem.


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Best Selling Security Books and More! 


Site design & layout copyright © 1986-2014 CodeGods