Black Hat: Kaminsky: Many Ways to Attack DNS
Robert McMillan writes on ComputerWorld:
There were 6 a.m. calls from Finnish certificate authorities and also some pretty harsh words from his peers in the security community -- even an accidentally leaked Black Hat presentation. But after managing the response to one of the most highly publicized Internet flaws in recent memory, Dan Kaminsky said Wednesday that he'd do it all over again.More here.
Kaminsky's full-time job over the past few months has been working with software vendors and Internet companies to fix a widespread flaw in the DNS (domain name system) used by computers to find each other on the Internet. Kaminsky, in conjunction with an assortment of pre-alerted tech vendors and experts, first disclosed the problem on July 8, warning corporate users and Internet service providers to patch their software as quickly as possible.
On Wednesday, he disclosed more details of the issue during a crowded session at the Black Hat conference, describing a dizzying array of attacks that could exploit DNS. Kaminsky also talked about some of the work he'd done to fix critical Internet services that could also be hit with this attack.