[ISN] Kaminsky (finally) provides DNS flaw details

From: InfoSec News <alerts_at_private>
Date: Fri, 25 Jul 2008 07:31:37 -0500 (CDT)

By Robert Vamosi
July 24, 2008

In his first public comments since his Domain Name System (DNS) cache 
poisoning flaw was made public, Dan Kaminsky said in a conference call 
on Thursday he doesn't want to parse who said what when. He just wants 
everyone to understand that they must patch their systems now.

Speaking during the second pre-Black Hat security conference Webinar, 
Kaminsky, who's director of penetration testing for IOActive, provided 
the most information to date about the DNS flaw he found earlier this 
year but only disclosed in public on July 8. DNS is what translates the 
common name of a Web site into its numerical IP address, and is 
therefore a fundamental component of the Internet. His announcement 
coincided with a massive, multivendor patch release. But he withheld 
details, hoping that most people would get their systems patched before 
the bad guys got a hold of it.

Kaminsky said the word is getting out about the patches, but there are 
still many systems that are vulnerable. From July 8 
through July 13, 86 percent of the people testing their system on his 
Web site were vulnerable. Today it's 52 percent. "Not perfect; not even 
good enough," he said. But "I'll take 52 any day of week and twice on 


Received on Fri Jul 25 2008 - 05:31:37 PDT
