By Egan Orion: Tuesday, 22 July 2008, 12:05 PM
DNS security Hole details leak out:
A researcher discovered a DNS vulnerability months ago. He planned to describe the flaw at a conference. But the details have hit the Net. The researcher urges users to update their software pronto!
TECHNICAL DETAILS about a flaw in the Internet's Domain Name System (DNS) that still exists on some networks were injudiciously confirmed in a security firm's blog on Monday.
Security researcher Dan Kaminsky had discovered the DNS vulnerability several months ago and worked with major software vendors to devise and disseminate a patch.
Kaminsky is the director of network penetration testing at the security firm Ioactive. The systemic weakness that he found in the DNS protocol can expose unpatched domain name servers to cache poisoning, which can enable malicious activities such as phishing and the propagation of viruses, trojans and bot infections.