http://blog.wired.com/27bstroke6/2008/08/experts-accuse.html By Ryan Singel Threat Level Wired.com August 13, 2008 Despite a recent high-profile vulnerability that showed the net could be hacked in minutes, the domain name system -- a key internet infrastructure -- continues to suffer from a serious security weakness, thanks to bureaucratic inertia at the U.S. government agency in charge, security experts say. If the complicated politics of internet governance continue to get in the way of upgrading the security of the net's core technology, the internet could turn into a carnival house of mirrors, where no URL or e-mail address could be trusted to be genuine, according to Bill Woodcock, research director at the nonprofit Packet Clearing House. "The National Telecommunications and Information Administration, an agency of the Department of Commerce, is the show-stopper here," Woodcock said. At issue is the trustworthiness of the domain name system, or DNS, which serves as the internet's phone book, translating queries such as wikipedia.org into the numeric IP address where the site's server lives. Just weeks ago, security researcher Dan Kaminsky announced he'd discovered a way for hackers to feed fake info into DNS listings, which would allow hackers to redirect web traffic at will -- for example, routing every person attempting to log in to the Bank of America to a fake site controlled by the attacker. Kaminsky quietly worked with large tech companies to build patches for the net's name servers to make the attack more difficult. But security experts, and even the NTIA, say those patches are just temporary fixes; the only known complete fix is DNSSEC -- a set of security extensions for name servers. [...] __________________________________________________ Visit Defcon Pics - Defcon Memory Repository http://www.defconpics.orgReceived on Wed Aug 13 2008 - 23:37:28 PDT
This archive was generated by hypermail 2.2.0 : Wed Aug 13 2008 - 23:44:22 PDT