Community
Dan Kaminsky finally went public yesterday on the DNS flaw at his presentation at Black Hat and shed light on what was the largest synchronized security update in the history of the Internet.
He has spent some considerable time and effort persuading engineers from a range of companies to fix a problem he found in DNS. And thank goodness he did.
You probably know about DNS - but in case you don't - you can think of it almost as the internet's trusted "phone book" of IP addresses.
When you type a web site URL into your browser - such as www.finextra.com or your bank - your machine queries your local domain name server - and retrieves the IP address of the site you are looking for. Your web browser then connects to that site.
Kaminsky discovered it was possible to hack those name servers - so you could be redirected to a fake site and possibly not notice. Not only that - it could be used to intercept corporate email or mess with auto-update features in software.
Scary stuff indeed. Scarier still is that not everyone has patched their systems yet.
The Register has an excellent description here of the attack.
Now isn't it fortunate the baddies didn't get there first. (Or did they)?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Denys Boiko Founder at Erglis
20 March
Shawn Conahan Chief Revenue Officer at Wildfire Systems, Inc.
19 March
Denis Shafranik Co Founder at Concentric
Sarah-Jayne Martin Director, ICA Global AR Practice at Quadient
18 March
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.