Welcome to WebmasterWorld Guest from 22.214.171.124
Forum Moderators: phranque
Five years after the disclosure of a serious vulnerability in the Domain Name System dubbed the Kaminsky bug, only a handful of U.S. ISPs, financial institutions or e-commerce companies have deployed DNS Security Extensions (DNSSEC ) to alleviate this threat. Five Year-Old DNS Flaw Remains Unplugged Amongst Major U.S. Companies [networkworld.com]
While DNS software patches are available to help plug the Kaminsky hole, experts agree that the best long-term fix is DNSSEC, which uses digital signatures and public-key encryption to allow websites to verify their domain names and corresponding IP addresses and prevent man-in-the-middle attacks.
"For whatever reason, the importance of securing their DNS has not raised itself up to a high enough level of priority for these organizations," says Mark Beckett, vice president of marketing for Secure64. "Perhaps they don't know there is a hole in the DNS and that if it is attacked, their customers could have their personal or financial information compromised."
joined:Apr 25, 2002
Ironically, DNSSEC is currently making some DNS reflection attacks worse because of the large amount of data that DNSSEC can return.