[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Domain Name System still less than secure
From: InfoSec News <alerts () infosecnews ! org>
Date: 2009-02-20 9:46:17
Message-ID: Pine.LNX.4.61.0902200346080.3806 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://gcn.com/articles/2009/02/19/black-hat-dnssec.aspx
By William Jackson
GCN.com
Feb 19, 2009
DNSSEC is the only practical solution to fixing DNS, but it is not yet
practical enough
Exploits for a serious cache-poisoning vulnerability discovered in the
Domain Name System (DNS) last year have begun to appear in the wild, and
they have made security researcher Dan Kaminsky a believer in DNS
Security Extensions (DNSSEC).
"I've never been a DNSSEC supporter," Kaminsky said today at the Black
Hat Federal security conference being held in Arlington, Va. "At best,
I've been neutral on the technology."
Kaminsky, director of penetration testing at IOActive, Inc., last year
discovered the vulnerability in the DNS that underpins the Internet and
helped to engineer the release of a patch for it. The patch, which
introduced more port randomization into DNS servers, was merely a quick
fix and Kaminsky said he has come to the conclusion that no security
technology except DNSSEC can scale well enough to fix the problem.
[...]
_______________________________________________
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic