| Thread Tools |
30th January 2013, 11:17 | #1 |
[M] Reviewer Join Date: May 2010 Location: Romania
Posts: 148,553
| Grim DNS bug still alive and well A particularly nasty bug in the DNS system of the internet is still installed on many important computers. Dubbed the Kaminsky bug, after its discoverer, the flaw was revealed five years ago. A fix has been issued, but it appears that only a handful of US ISPs, financial institutions or e-commerce companies have deployed it. Dan Kaminsky warned at the time that the flaw made it possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing. The only way to fix the problem is DNSSEC, which uses digital signatures and public-key encryption to allow websites to verify their domain names and corresponding IP addresses and prevent man-in-the-middle attacks. According to Network World, a ridiculously low number of US corporations have deployed DNSSEC. None of the top 100 major US e-commerce companies tested by Secure64 was using digital signatures to sign their zones, nor were any of these organisations validating DNSSEC queries. Apparently none of the 100 e-retailers tested, including Amazon.com, had established a chain of trust, or verified electronic signatures, at each DNS lookup node. Recently a survey, conducted weekly by the National Institute of Standards and Technology, indicated that less than one percent of 1,000 US industry websites have fully deployed DNSSEC. These include Comcast, Data Mountain, Infoblox, PayPal and Sprint. Dyncorp, Simon Property and Juniper Networks have done so partly. What is more alarming is the names who have said they are not not deploying DNSSEC read like a Who's Who of American industry. Fifth Third Bancorp, Bank of America, Cardinal Health, Charles Schwab, Delta Air Lines, Disney, eBay, Target, WellPoint Wells Fargo, Apple, Cisco, Google, IBM and Symantec haven't deployed DNSSEC yet. http://news.techeye.net/security/gri...alive-and-well |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Dead or Alive 5 Review (PS3) | Stefan Mileschin | WebNews | 0 | 31st October 2012 06:30 |
Larrabee alive and well... | jmke | WebNews | 0 | 28th May 2010 15:23 |
Review: Dead or Alive 4 | jmke | WebNews | 0 | 12th January 2006 00:20 |
Plagiarism - Well And Alive | Sidney | WebNews | 0 | 15th November 2005 16:14 |
ATI Radeon 9800 Pro will stay alive | jmke | WebNews | 0 | 14th February 2005 10:25 |
Knight Online comes alive with Confederacy and Siege War | jmke | WebNews | 0 | 16th July 2004 11:30 |
CDwriter dead or alive? | veder | Hardware/Software Problems, Bugs | 0 | 21st April 2003 13:33 |
Thread Tools | |
| |