[ISN] Domain Name System still less than secure

From: InfoSec News <alerts_at_private>
Date: Fri, 20 Feb 2009 03:46:17 -0600 (CST)
http://gcn.com/articles/2009/02/19/black-hat-dnssec.aspx

By William Jackson
GCN.com
Feb 19, 2009

DNSSEC is the only practical solution to fixing DNS, but it is not yet 
practical enough

Exploits for a serious cache-poisoning vulnerability discovered in the 
Domain Name System (DNS) last year have begun to appear in the wild, and 
they have made security researcher Dan Kaminsky a believer in DNS 
Security Extensions (DNSSEC).

“I’ve never been a DNSSEC supporter,” Kaminsky said today at the Black 
Hat Federal security conference being held in Arlington, Va. “At best, 
I’ve been neutral on the technology.”

Kaminsky, director of penetration testing at IOActive, Inc., last year 
discovered the vulnerability in the DNS that underpins the Internet and 
helped to engineer the release of a patch for it. The patch, which 
introduced more port randomization into DNS servers, was merely a quick 
fix and Kaminsky said he has come to the conclusion that no security 
technology except DNSSEC can scale well enough to fix the problem.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Fri Feb 20 2009 - 01:46:17 PST

This archive was generated by hypermail 2.2.0 : Fri Feb 20 2009 - 01:52:42 PST