Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


More on LinuxToday


IETF: Should We Ignore the Kaminsky Bug?

Nov 21, 2008, 17:33 (0 Talkback[s])

"In July, security researcher Dan Kaminsky discovered a DNS bug that allows for cache poisoning attacks, where a hacker redirects traffic from a legitimate Web site to a fake one without the user knowing. With DNSSEC, the IETF already has a solution to the Kaminsky problem and other known DNS vulnerabilities. However, DNSSEC hasn't been widely deployed, although it has been under development for more than a decade.

"DNSSEC prevents hackers from hijacking Web traffic and redirecting it to bogus sites. The Internet standard prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

"The problem is that DNSSEC prevents Kaminsky attacks only when it is fully deployed across the Internet -- from the DNS root zone at the top of the DNS heirarchy down to individual top-level domains, such as .com and .net. Until then, Web sites remain vulnerable to Kaminsky-style attacks."

Complete Story

Related Stories: