BLACK HAT: DNS flaw could spread beyond the browser

Share this article:
DNS cache poisoning is not just for web browsers anymore. According to researcher Dan Kaminsky, there are a variety of programs that make requests of DNS servers, including games and a number of  desktop applications.

In a presentation on Wednesday at the Black Hat conference in Las Vegas, Kaminsky said that although more than 70 percent of all vulnerable systems have been patched, “We are entering a third age of security research, where all networked apps are fair game."

He added that just because servers are behind firewalls, they are not necessarily immune from exploits based on the flaw.“

Internal networks are not at all safe, both from the effects of Java, and from the fact that internal routing could be influenced by external activity, he said.

In fact, he said, “the whole concept of the fully internal network may be broken – there are just so many business relationships.”

In responding to questions at a press conference after his presentation, Kaminsky said, “I think at this point most users likely will be more unsafe at work than when they're home.”

He added: “I think that in the long term, architecturally, we need to stop assuming the network is friendly. Every network is a hostile network.”

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

FBI to open Malware Investigator portal to security researchers

The portal is a virus analysis tool that examines suspicious files and shares information about them.

SUPERVALU and AB Acquisition LLC report being breached again

SUPERVALU and AB Acquisition LLC report being breached ...

The breaches involved different malware and both companies are investigating whether payment card information was stolen.

DDoS down globally, on increase in Americas in Q2, report says

DDoS down globally, on increase in Americas in ...

DDoS attacks declined in Q2 while Zeus, Storm and Heartbleed made their marks on security, an Akamai report on the state of the internet shows.