Security researcher Dan Kaminsky unveiled more details about a fundamental design flaw in the way the internet works at the Black Hat security conference in Las Vegas yesterday.
The flaw, which he said was the most destructive discovered in 10 years, could lead to emails being intercepted and altered without the sender or receiver being aware.
Kaminsky, director of penetration testing at security firm IOActive, told the conference of the extent of a vulnerability in the Domain Name System (DNS). Because of a basic mistake in the way the system operates, all versions of the software that translates domain names into IP addresses can be poisoned using a man-in-the-middle attack that would force computers to visit any server an attacker offered instead of the one they had asked for.
Kaminsky, who announced the vulnerability in July, worked with a collection of vendors and ISPs to help fix the problem at major sites before details got out. Many large companies have fixed the problem, but a lot have still not patched the flaw.
An attack was identified recently at an AT&T DNS server in Houston, Texas, where businesses found scammers redirecting their Google queries to new websites containing advertising.
Anything that queries unpatched DNS servers is vulnerable, including FTP and IRC clients, VoIP software and some auto-update services. Even mail servers could be hacked, so attackers could harvest the content of emails and alter them to contain malware links before passing them on.
"This bug has been there since 1983," said Kaminsky, who warned that more would probably surface, and that the IT community must be ready with quick fixes. "What if there was a discovery and we had no time to patch? We need to start choosing the products we buy based on how serviceable they are."