"Speaking at the Black Hat DC 2009 conference Thursday, the
prominent security researcher told the audience that the lack of
DNS security not only makes the Internet vulnerable, but is also
crippling the scalability of important security technologies.
""DNS is pretty much our only way to scale systems across
organizational boundaries, and because it is insecure it's
infecting everything else that uses" DNS, the fundamental Internet
protocol that provides an IP address for a given domain name, said
Kaminsky, director of penetration testing at IOActive. "The only
group that has actually avoided DNS because it's insecure are
security technologies, and therefore those technologies aren't
scaling." Kaminsky began promoting DNSSEC last summer, following
his discovery of a significant DNS flaw -- known as the Kaminsky
Bug -- where cache poisoning attacks allow a hacker to redirect
traffic from a legitimate Web site to a fake one without users
realizing it."
