DNS security hole details leak out
TECHNICAL DETAILS about a flaw in the Internet’s Domain Name System (DNS) that still exists on some networks were injudiciously confirmed in a security firm’s blog on Monday.
Security researcher Dan Kaminsky had discovered the DNS vulnerability several months ago and worked with major software vendors to devise and disseminate a patch.
Kaminsky is the director of network penetration testing at the security firm Ioactive. The systemic weakness that he found in the DNS protocol can expose unpatched domain name servers to cache poisoning, which can enable malicious activities such as phishing and the propagation of viruses, trojans and bot infections.
Full story: theinquirer.net