Patching the Domain Name System

Latest DNS flaw underscores need for secure Internet naming

July 21, 2008 - Vendors scramble as the race is on to produce patches for the potentially severe design flaw in the Internet's Domain Name System (DNS).

Details of the vulnerability will be released August 4th at the Black Hat Briefings by Dan Kaminsky. Meanwhile, Kaminsky is hoping that there is at least a 30 day advantage before exploits are used to misdirect Internet traffic. "It could create a windfall for phishers," said Alan Paller, director of research at the SANS Institute.

The software fixes currently rolling out are not the ultimate fix, said Cricket Liu, vice president of infrastructure at Infoblox. The root of the problem lies in inadequate message ID randomness. Liu expects the real fix to be the use of DNS Security Extensions (DNSSEC), a system used to authenticate DNS messages.

Since the exploit is in the protocol itself, a group of 16 security researchers met in March to coordinate a response across all platforms affected. Vendors agreed to release patches in July, prior to the Black Hat Briefings in August.

Source: gcn.com

About Secure64 Software Corporation
Secure64® is a software developer providing highly secure DNS and server applications with built-in denial-of-service protection features to help ensure your Internet-dependent business is always accessible. Based on the genuinely secure SourceT® microOS, Secure64 DNS remains highly available during network attacks and is immune to compromise from rootkits and malware.

DNS Security News Index