Despite patch by Cisco, Microsoft, others, DNS is not secure, researcher says

The Kaminsky Bug, a DNS cache poisoning attack, remains a threat, despite the fact that vendors such as Cisco, Sun and Microsoft joined together to release patches that temporarily fix the flaw. So said Dan Kaminsky at the Black Hat conference, reports Network World. The prominent security researcher told attendees that holes in DNS make the Internet vulnerable. DNS's problems are limiting other important, dependent security technologies as well.

He advocates DNS Security Extensions, which attempt to prevent spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.

The article says:

"One roadblock to DNSSEC adoption is that it isn't easy to implement, Kaminsky admits, and calls for coordination by many parties. DNSSEC requires domain name registrars, domain name registries, ISPs and users to upgrade their software."

More from Cisco Subnet:

* Vyatta beats out Cisco, Juniper for New Mexico win
* Details of "Project California" revealed
* Largest coordinated ATM Rip-off ever nets $9+ million in 30 minutes
* Cisco adds new online questions module to CCIE lab exam
* Cisco in the home: Anonymous or poised for domination?
* OSPF puzzle: Analyzing OSPF metrics, human style
* Getting Started with the CCNA Wireless
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, training/book giveaways, and more. 

• Cisco
• Dan Kaminsky
• DNS cache poisoning
• DNS security
• DNS Security Extensions
• DNSSec
• security
• The Kaminsky Bug