BLACK HAT: DNS flaw could spread beyond the browser

By

DNS cache poisoning is not just for web browsers anymore. According to researcher Dan Kaminsky, there are a variety of programs that make requests of DNS servers, including games and a number of desktop applications.


DNS cache poisoning is not just for web browsers anymore. According to researcher Dan Kaminsky, there are a variety of programs that make requests of DNS servers, including games and a number of  desktop applications.

In a presentation at the Back Hat conference in Las Vegas, Kaminsky said that although more than 70 percent of all vulnerable systems have been patched, “We are entering a third age of security research, where all networked apps are fair game."

He added that just because severs are behind firewalls, they are not necessarily immune from exploits based on the flaw.

Internal networks are not at all safe, both from the effects of Java, and from the fact that internal routing could be influenced by external activity, he said.

In fact, he said, “the whole concept of the fully internal network may be broken – there are just so many business relationships.”

In responding to questions at a press conference after his presentation, Kaminsky said, “I think at this point most users likely will be more unsafe at work then when they're home.”

He added: “I think that in the long term architecturally we need to stop assuming the network is friendly: Every network is a hostile network.”

See original article on scmagazineus.com
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

WestJet probes cyber security incident

WestJet probes cyber security incident

Log In

  |  Forgot your password?