    Kaminsky DNS Flaw Details Leaked Accidentally

    Written by

    Brian Prince
    Published July 22, 2008

      Details of the DNS flaw uncovered by security researcher Dan Kaminsky have found their way into the public arena.

      Kaminsky, who is the director of penetration testing for the security company IOActive, had planned on keeping the specifics of his discovery close to his vest until the Black Hat conference in August in Las Vegas. Now, the details of his findings appear to have leaked out by accident.

      The flaw, which can be exploited to launch DNS (Domain Name System) cache poisoning attacks against DNS servers and redirect Internet traffic, was discovered by Kaminsky several months ago and led a number of vendors to cooperate and coordinate the release of a patch two weeks ago. This is an important flaw that affects multiple products, basically any recursive DNS server. If a server is compromised, attackers could redirect traffic from that server to anywhere they wanted, say, to a fake “google.com” that was actually a malicious site.

      Reverse engineering expert and Zynamics CEO Halvar Flake posted speculation about the bug on a blog July 21. In response, security research and development firm Matasano, which was aware of the true details of the flaw, posted confirmation of Flake’s speculation on the Matasano company blog. The Matasano post has since been taken down, but remains alive courtesy of a Google search.

      “The cat is out of the bag,” read the now-removed Matasano post. “Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat.”

      Late the same day, Matasano’s Thomas Ptacek apologized on the company blog, explaining the firm had “dropped the ball.”

      Ptacek wrote, “Earlier today, a security researcher posted their hypothesis regarding Dan Kaminsky’s DNS finding. Shortly afterwards, when the story began getting traction, a post appeared on our blog about that hypothesis. It was posted in error. We regret that it ran. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread.”

      Kaminsky’s attempts to keep a tight lid on details of the flaw until Black Hat sparked controversy among some security professionals who felt details of the vulnerability should have been released.

      For now, IT pros can fall back on the patches vendors have made available, as well as suggested mitigations.

      Kaminsky has posted a tool on his Web site that allows anyone to check to see if a DNS server is vulnerable. DNSstuff launched a piece of freeware July 16 on its site that does the same.

      “Patch,” Kaminsky advised on his blog. “Today. Now.”
