Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Flaw Hits More Than Just the Web

Posted by timothy on from the gee-dan-thanks-thanks-a-bunch dept.

gringer writes "Dan Kaminsky presented at the Black Hat conference in Las Vegas on Wednesday, and said that the DNS vulnerability he discovered is much more dangerous than most have appreciated. Besides hijacking web browsers, hackers might attack email services and spam filters, FTP, Rsync, BitTorrent, Telnet, SSH, as well as SSL services. Ultimately it's not a question of which systems can be attacked by exploiting the flaw, but rather which ones cannot. Then again, it could just be hype. For more information, see Kaminsky's power point presentation." Update: 08/07 19:48 GMT by T : There's also an animation of the progress of the patch.

5 of 215 comments (clear)

  1. Shocked!!! by YouOverThere · · Score: 5, Insightful

    You mean all the services that use DNS are at risk?!?!?!
    Say it isn't so...!
    Here all this time I thought the Internet WAS the Web...

  2. Litmus testing by Just+Some+Guy · · Score: 5, Insightful

    If you are reading this on Slashdot, and you are just now realizing that DNS exploits affect more than just the web, then get the hell out of here. Shoo. Leave your card at the door.

    --
    Dewey, what part of this looks like authorities should be involved?
    1. Re:Litmus testing by Rob+Kaper · · Score: 5, Insightful

      Sorry Kirk, we can't win this battle. Back in the day only professionals, nerds and skilled technicians visited Slashdot. These days the site (for monetary reasons, I'm sure) has to cater to a much larger audience and we have to accept that we, the low-digit-UID crowd, are no longer representative for Slashdot.

      The only problem is, our chances are not much better anywhere else. I miss the days when the Internet consisted mostly of early adopters. (Then again, we need the masses because they make it feasible to have actually useful things like Internet banking and on-line pizza orders.)

    2. Re:Litmus testing by caferace · · Score: 5, Insightful
      "If you are reading this on Slashdot..."

      Good point. How do we know this really is Slashdot?

  3. Re:SSH and SSL protected by nonpareility · · Score: 5, Insightful

    What's to stop somebody from hijacking the bank website, redirecting to a website that uses no SSL at all, and waiting for the passwords to roll in?

    If you normally access your bank's website by way of https, you wouldn't get redirected because the hijacked website's certificate wouldn't be valid. Other than that, you're just describing phishing.