http://gcn.com/articles/2009/02/19/black-hat-dnssec.aspx By William Jackson GCN.com Feb 19, 2009 DNSSEC is the only practical solution to fixing DNS, but it is not yet practical enough Exploits for a serious cache-poisoning vulnerability discovered in the Domain Name System (DNS) last year have begun to appear in the wild, and they have made security researcher Dan Kaminsky a believer in DNS Security Extensions (DNSSEC). “I’ve never been a DNSSEC supporter,” Kaminsky said today at the Black Hat Federal security conference being held in Arlington, Va. “At best, I’ve been neutral on the technology.” Kaminsky, director of penetration testing at IOActive, Inc., last year discovered the vulnerability in the DNS that underpins the Internet and helped to engineer the release of a patch for it. The patch, which introduced more port randomization into DNS servers, was merely a quick fix and Kaminsky said he has come to the conclusion that no security technology except DNSSEC can scale well enough to fix the problem. [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Fri Feb 20 2009 - 01:46:17 PST
This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 01:52:42 PST