Firms Tackle Security Flaw In Web Addressing System

Kevin Darcy kcd at chrysler.com
Thu Jul 10 20:41:56 UTC 2008


Before you get too carried away with congratulations, please realize 
that these patches only make the affected implementations more 
*resilient* to the attack. They don't actually *fix* the problem.

The true fix is to implement DNSSEC Internet-wide, but the DNSSEC 
protocol extensions have been mired in the standards process for over a 
decade, and, even if complete standards were published tomorrow, it 
would still take years for administrators to implement, due to their 
complexity, the steep learning curve, and the additional resource 
requirements (which may require server and/or network upgrades).

So, in the meantime, we can expect to see more exploits of this type 
brought to light, and countermeasures developed and deployed, for at 
least the next few years. This is by no means the end of the story, just 
another chapter in a long saga.

                                                                         
                           - Kevin

Reality_Check wrote:
> <OffshoreEddie at nospam.com> wrote in message 
> news:iq0b74d391qehgcps5625acah6hrig6aes at 4ax.com...
>   
>> Wow.  A big one avoided.  Be nice if the rest of government and
>> industry had this kind of proactive attitude.
>>
>>
>> Firms Tackle Security Flaw In Web Addressing System
>>
>> http://online.wsj.com/article/SB121557348238938533.html
>>
>> By Christopher Rhoads
>> Staff Reporter
>>
>> A computer researcher revealed a fundamental flaw in the Internet's
>> addressing system, necessitating a massive Internet security upgrade
>> primarily for businesses and service providers, according to a
>> division of the Department of Homeland Security.
>>
>> The problem makes it possible for computer hackers to reroute Internet
>> traffic at will, enabling them access to sensitive and valuable
>> information from businesses as well as individual users, such as
>> credit-card and bank information.
>>
>> The matter is more serious than a typical computer virus or hack
>> because rather than targeting individual computers online or specific
>> software products, it undermines the inner workings of the Internet
>> itself, specifically the so-called domain name system, or DNS. The
>> DNS, which acts as the Internet's address book, makes it possible for
>> users to connect with other computers and Web sites.
>>
>> "This is the largest synchronized security upgrade in the history of
>> the Internet," said a statement from the Computer Security Response
>> Team, or CERT, a division of Homeland Security. "An attacker could
>> easily take over portions of the Internet and redirect users to
>> arbitrary and malicious locations."
>>
>> A number of software and hardware companies, including Microsoft
>> Corp., Cisco Systems Inc., and Sun Microsystems Inc., on Tuesday
>> simultaneously issued software patches for their users.
>>
>> The flaw was discovered by accident about six months ago by security
>> researcher Dan Kaminsky, prompting him to contact the U.S. government.
>> The matter was kept secret so that technology vendors could first come
>> up with a way to defend against the problem, which was announced
>> Tuesday. Mr. Kaminsky, who works for computer security company
>> IOActive Inc., said he intends to provide more details about the
>> problem in 30 days, to allow companies time to upgrade their security. 



More information about the bind-users mailing list