Dan Kaminsky, security researcher and director of
penetration testing for IOActive, released his much-anticipated report on the
Domain Name System (DNS) flaw he found a few months earlier during the Black Hat
conference held in Las Vegas. The audience in the conference room was composed of
researchers, security vendors and IT professionals, all interested in hearing the
details of the analysis.
In short, the vulnerability involves the way DNS maps names to IP
addresses: an attacker can poison a targeted DNS server and redirect
its users to a malicious Web site. Mr. Kaminsky explained that "Almost
everything on the Internet depends on DNS returning the right number for the
right request," and that is exactly why the problem demands a rapid and permanent
fix.
Besides the danger of phishing attacks, there is also the
possibility of using the flaw to compromise mail servers, leading to the
interception and redirection of mail messages.
The risk of such an attack had been present for many years, but
it went unnoticed until recently, when Dan Kaminsky found a faster and
more efficient way for attackers to carry it out.
The fix offered by Mr. Kaminsky, randomizing the source port of DNS
queries, is one the researcher himself considers temporary, as the
problem demands the development of a far better defense system in order to
truly be considered safe from all attacks. Another temporary fix
was proposed by Danny McPherson, chief research
officer with Arbor Networks, who suggested the adoption of DNSSEC, a more
secure version of DNS. Still, he admitted that this cannot be
considered a long-term solution, as it can only buy an extended period of
time before attackers find a way in.
Mr. Kaminsky considers the flaw mainly an issue for
corporate users and suggested that home users should not panic.
"Even with DNS fixed, there are other scenarios in
which unencrypted IP traffic is lost to an attacker," Kaminsky explained
in his presentation.
Even though some critics claimed that the problem should have
received far less attention and that Dan Kaminsky overhyped the DNS
flaw, the security researcher strongly believes that the matter demands a lot
of attention and that the interest shown is completely justified. "DNS
bugs create a skeleton key across all Web sites," he said. "A lot of
people think that breaking DNS is not a big deal and I think I was called out.
I don't think I was hyping anything," he added.
He also expressed his belief that DNS should not be capable
of causing this much damage and that such situations should be anticipated in the
future, or at least that efforts to find solutions should be increased, as the people planning
these attacks are always extremely well informed and are always finding new
ways of accessing blocked areas with valuable information.
The presentation lasted about 70 minutes and included
more than 50 slides, offering a complete view of the problem and several
starting points for finding a solution.