Slashdot Mirror

← Back to Stories (view on slashdot.org)

DNS Inventor Tackles Flaw

Posted by ScuttleMonkey on from the always-evolving dept.

nk497 writes "Dr Paul Mockapetris is looking to fix the flaws in the Domain Name System he helped invent. 'It was never meant to be the only security mechanism for naming data on the internet, but was intended for additional security measures to be added to it later.' The flaws, first uncovered by security researcher Dan Kaminsky over the summer, lets attackers redirect genuine URLs to malicious ones — a problem Mockapetris believes could be solved using digital signatures."

2 of 101 comments (clear)

  1. Hm, that and DNSsec sucks ass by Nicolas+MONNET · · Score: 3, Informative

    Look at the history of DNSsec; the specs have been done and redone several times over, there is no consensus, and it looks like it would be a bitch to admin.

  2. Re:We'll add security later by Hal_Porter · · Score: 5, Informative

    Not really. Back when DNS was invented (1982) pretty much everything connected to the Internet was essentially a trusted machine. Arguably that was almost true until the Morris worm in 1988. Of course you could never truly trust them, but the idea was that if someone did something silly other people would phone them and then they would stop. Essentially it was an anarchy populated by non malicious people.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;