---

Home Security

IETF: Should We Ignore the Kaminsky Bug?

By

“In July, security researcher Dan Kaminsky discovered a DNS bug
that allows for cache poisoning attacks, where a hacker redirects
traffic from a legitimate Web site to a fake one without the user
knowing. With DNSSEC, the IETF already has a solution to the
Kaminsky problem and other known DNS vulnerabilities. However,
DNSSEC hasn’t been widely deployed, although it has been under
development for more than a decade.

“DNSSEC prevents hackers from hijacking Web traffic and
redirecting it to bogus sites. The Internet standard prevents
spoofing attacks by allowing Web sites to verify their domain names
and corresponding IP addresses using digital signatures and
public-key encryption.

“The problem is that DNSSEC prevents Kaminsky attacks only when
it is fully deployed across the Internet — from the DNS root zone
at the top of the DNS heirarchy down to individual top-level
domains, such as .com and .net. Until then, Web sites remain
vulnerable to Kaminsky-style attacks.”


Complete Story

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis

Must Read

LinuxToday is a trusted, contributor-driven news resource supporting all types of Linux users. Our thriving international community engages with us through social media and frequent content contributions aimed at solving problems ranging from personal computing to enterprise-level IT operations. LinuxToday serves as a home for a community that struggles to find comparable information elsewhere on the web.

Our Brands

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.