Slashdot Mirror


The Backstory of the Kaminsky Bug

Ant recommends a Wired piece on the background story of the Kaminsky DNS bug and its (temporary) resolution, decreasing the odds of a successful breach from 1 in 2^16 to 1 in 2^32. We've discussed this uber-hole a number of times. Wired follows the story arc from before Kaminsky's discovery of the bug to his public presentation of it in Las Vegas.

5 of 122 comments

  1. Slashdotted by Vertana · · Score: 4, Interesting

    The site linked in the article is indeed slashdotted, but the bug in question has been overhyped in the media and, although it must be fixed to prevent future problems, it currently does not present a big obstacle for the current Internet...

    --
    "The best way to accelerate a Macintosh is at 9.8m/sec^2" -Marcus Dolengo
    1. Re:Slashdotted by socsoc · · Score: 4, Interesting

      No kidding it has been overhyped.

      From TFA: "The vulnerability gave him the power to transfer millions out of bank accounts worldwide."
      How so?! I don't have millions, but I do run djbdns...

    2. Re:Slashdotted by ArsenneLupin · · Score: 2, Interesting

      "In other words, you're telling me that it's worse -- even VeriSign doesn't know how to use SSL properly. You'd think, if you were downloading a new certificate, that you'd get it via SSL?"

      Encryption of the certificate is not the problem... the problem is el-cheapo "domain-validated" certification authorities whose only "proof of domain ownership" is your ability to receive email at root@yourtarget.com and a phone number (any phone number will do). If you can spoof DNS so that this email really goes to your computer, and if you know where to buy a prepaid mobile plan, you can get a "valid" certificate for yourtarget.com.

      It's a little bit like identity theft: rather than emptying your existing account, the perp just sets up a new account in your name...

  2. Re:why do people consider this hype? by he-sk · · Score: 3, Interesting

    Same reason why people don't believe in climate change. The potential risk is so mind-boggling, it's psychologically healthier to pretend it's not there.

    Think of kids that cover their eyes and then reason that you cannot see them, because they cannot see you.

    --
    Free Manning, jail Obama.
  3. The part that leaped out by klui · · Score: 3, Interesting

    "...a complete description of the exploit appeared on the Web site of Ptacek's company.... The DNS community had kept the secret for months. The computer security community couldn't keep it 12 days."