
Security researcher Dan Kaminsky unveiled more details
about a fundamental design flaw in the way the internet works at
the Black Hat security conference in Las
Vegas yesterday.
The flaw, which he said was the most destructive discovered in
10 years, could lead to emails being intercepted and altered
without the sender or receiver being aware.
Kaminsky, director of penetration testing at security firm
IOActive, told the conference of the extent of a vulnerability in
the Domain Name System (DNS). Because of a basic mistake in the way
the system operates, all versions of the software that translates
domain names into IP addresses can be poisoned using a
man-in-the-middle attack that would force computers to visit any
server an attacker offered instead of the one they had asked
for.
Kaminsky, who announced the vulnerability in July, worked with a
collection of vendors and ISPs to help fix the problem at major
sites before details got out. Many large companies have fixed the
problem, but a lot have still not patched the flaw.
An attack was identified recently at an AT&T DNS server in
Houston, Texas, where businesses found scammers redirecting their
Google queries to new websites containing advertising.
Anything that relies on unpatched DNS servers is vulnerable,
including FTP and IRC clients, VoIP software and some auto-update
services. Even mail servers could be hacked, so attackers could
harvest the content of emails and alter them to contain malware
links before passing them on.
"This bug has been there since 1983," said Kaminsky, who warned
that more would probably surface, and that the IT community must be
ready with quick fixes. "What if there was a discovery and we had
no time to patch? We need to start choosing the products we buy
based on how serviceable they are."