Skip to main content


Showing posts from August, 2008

DNS flaws expose many services (exploit chaining with old defects)

The flaws discovered in DNS recently by Dan Kaminsky have existed for years. He linked several of them together, a concept known as "exploit chaining" to reveal a much more serious flaw. His technique makes it possible to hijack and misdirect a user's web browser to a malicious web site, even in cases where the user types the correct URL. '

That, of course, completely makes a fool of Verisign's Ken Silva, chief technology officer, who's been running around to the press saying irresponsible if not utterly foolish things like:
"We have anticipated these flaws in DNS for many years and we have basically engineered around them."

Kudos to Mr. Kaminsky, for working in private with the major vendors of DNS server software, who had patches ready to go before the flaw was announced. This kept the script kiddies from having a field day with the vulnerabilities, which were endemic to nearly all DNS servers.

Apparently there remain some issues not yet address…