Slashdot Mirror


The Backstory of the Kaminsky Bug

Ant recommends a Wired piece on the background story of the Kaminsky DNS bug and its (temporary) resolution, which adds source-port randomization on top of the 16-bit transaction ID and so drops the odds that any single forged reply is accepted from roughly 1 in 2^16 to roughly 1 in 2^32. We've discussed this uber-hole a number of times. Wired follows the story arc from before Kaminsky's discovery of the bug to his public presentation of it in Las Vegas.

8 of 122 comments

  1. Slashdotted by Vertana · Score: 4, Interesting

    The site linked in the article is indeed slashdotted, but the bug in question has been overhyped in the media and, although it must be fixed to prevent future problems, it currently does not present a big obstacle for the current Internet...

    --
    "The best way to accelerate a Macintosh is at 9.8m/sec^2" -Marcus Dolengo
    1. Re:Slashdotted by socsoc · Score: 4, Interesting

      No kidding it has been overhyped.

      From TFA: "The vulnerability gave him the power to transfer millions out of bank accounts worldwide."
      How so?! I don't have millions, but I do run djbdns...

    2. Re:Slashdotted by nicolas.kassis · Score: 4, Insightful

      That one did make me laugh. From my understanding of the hole, he would have to attack all DNS servers requesting information from the root .com server AND do so for every domain requested. No small feat.

    3. Re:Slashdotted by snowtigger · Score: 5, Insightful

      Any financial institution that resets a password based solely off of an e-mail deserves to be raped. Most do forgotten password link -> sends e-mail to reset the pass with a unique URL -> user clicks on unique URL and answers additional verification questions

      Right, but that's not the problem here. You don't even need the "recover password" feature. If a website looks like the bank and has the URL of the bank, most users would just buy it and type in their username and password. Or you could easily set up a proxy kind of webserver to make it look like everything is working as usual.

  2. why do people consider this hype? by circletimessquare · Score: 5, Insightful

    yes his attack only involves one dns server, but it is devastating and quick and effective. you can attach yourself vampirically to one dns server, sniff for bank info, redirect google, look at email, or whatever, and then quit shop before anyone raises alarm, and set up shop somewhere else, easily and quickly and invisibly

    yes, you won't be able to take over ALL dns servers, but why is doing that the only thing that qualifies in your mind as truly threatening? kaminsky's attack, as described, is a hell of a scary hard core hack. it's not hype, it's the genuine frightening article. it's the creme de la creme of hacks: simple, elegant, and as devastating as they come. any yahoo can move in, take over a dns server, victimize users downstream, and move on unnoticed and set up shop somewhere else. hardcore. devastating. frightening

    is it some sort of ego thing? you have to belittle the validity of someone else's discovery? why do people consider this hype?

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  3. Overhyped? by gxv · Score: 4, Insightful

    Come on. It was really a giant effort to synchronize all the DNS vendors to release patches at the same time. And somehow I don't believe they did that just to boost Kaminsky's ego. Give him credit where credit is due. He discovered a bug that was considered critical by everybody and forced almost everybody on the Internet to upgrade their software. That really is something.

  4. Re:Do I not understand? by ArsenneLupin · Score: 4, Informative

    So, uh... why not just turn off caching of everything besides the *ACTUAL* request?

    Actually, as far as I understood, the attack is making the information "appear" to be relevant. For instance, DNS may contain aliases (CNAMEs) that do not directly resolve to an IP address, but rather to another name.

    So, www.yourcompany.com may point to houdini.yourcompany.com, which itself resolves to 137.142.13.14.

    When a client queries for www.yourcompany.com, the DNS server not only answers that query, but "helpfully" supplies the second leg, in order to save one round-trip.

    Same thing with NS queries.

    So, all the perp has to do is have nothere.domain.com pretend to be a CNAME for www.domain.com, and "helpfully" supply a mapping from www.domain.com to an IP under your control. Because the "unsolicited" mapping appears to be relevant, the client DNS server will cache it.
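The mechanism sketched in the comment above, and the 2^16 vs 2^32 odds from the summary, as an added toy model (example code written for this page, not Kaminsky's code or any real resolver). It assumes a single outstanding query, no TTLs and no wire format; the resolver caches an unsolicited record only if it is "in bailiwick" (inside the zone being asked about), which is exactly why the forged reply for a throwaway name like nothere1.domain.com can smuggle in a record for www.domain.com but not one for www.bank.com. The attacker strategy, random name per round so no cached answer ends the race, and a burst of guessed transaction IDs (plus guessed source ports once those are randomized) per round, is the Kaminsky variant; the numbers in the probability helper are the ones from the summary.

```python
"""Toy model of the Kaminsky cache-poisoning race (added example, not
Kaminsky's code).  One outstanding query at a time, no TTLs, no real DNS
wire format; names and IPs below are made up for illustration."""
import random
from dataclasses import dataclass, field


@dataclass
class Response:
    txid: int
    dst_port: int          # UDP port the resolver sent the query from
    qname: str
    answer: dict = field(default_factory=dict)      # name -> rdata
    additional: dict = field(default_factory=dict)  # "helpful" extra records


def in_bailiwick(name: str, zone: str) -> bool:
    """The relevance test: `name` is `zone` or a subdomain of it."""
    return name == zone or name.endswith("." + zone)


class ToyResolver:
    def __init__(self, txid_bits=16, randomize_port=False, seed=0):
        self.rng = random.Random(seed)
        self.txid_bits = txid_bits
        self.randomize_port = randomize_port
        self.cache = {}
        self.pending = None

    def send_query(self, qname, zone):
        """Emit a query.  Returns (txid, port) only so the caller can play the
        legitimate server, which knows them because it saw the packet."""
        txid = self.rng.randrange(1 << self.txid_bits)
        # Fixed port 53 was the pre-patch behaviour; randomizing it adds
        # roughly 16 more bits the attacker has to guess.
        port = self.rng.randrange(1024, 65536) if self.randomize_port else 53
        self.pending = (txid, port, qname, zone)
        return txid, port

    def receive(self, resp: Response) -> bool:
        """Accept the first reply whose txid, port and question match the
        pending query; cache its answer and every in-bailiwick extra record."""
        if self.pending is None:
            return False
        txid, port, qname, zone = self.pending
        if (resp.txid, resp.dst_port, resp.qname) != (txid, port, qname):
            return False
        for name, rdata in {**resp.answer, **resp.additional}.items():
            if in_bailiwick(name, zone):
                self.cache[name] = rdata
        self.pending = None
        return True


def poison(resolver, zone, victim, attacker_ip, forged_per_query,
           max_queries, seed=1):
    """Ask for a fresh random name each round, blast guessed replies that
    carry a poisoned additional record for `victim`, and let the genuine
    NXDOMAIN land if every guess misses.  Returns rounds needed, or None."""
    rng = random.Random(seed)
    for round_no in range(1, max_queries + 1):
        qname = f"nothere{round_no}.{zone}"
        real_txid, real_port = resolver.send_query(qname, zone)
        for _ in range(forged_per_query):
            forged = Response(
                txid=rng.randrange(1 << resolver.txid_bits),
                dst_port=(rng.randrange(1024, 65536)
                          if resolver.randomize_port else 53),
                qname=qname,
                answer={qname: "CNAME " + victim},
                additional={victim: attacker_ip},
            )
            if resolver.receive(forged):
                return round_no
        # Genuine server answers (empty = NXDOMAIN); attacker lost this round.
        resolver.receive(Response(real_txid, real_port, qname))
    return None


def success_probability(entropy_bits: int, forged_per_query: int) -> float:
    """P(at least one of K forged packets is accepted) = 1 - (1 - 2^-bits)^K."""
    return 1.0 - (1.0 - 2.0 ** -entropy_bits) ** forged_per_query


if __name__ == "__main__":
    r = ToyResolver(txid_bits=16)
    print("rounds to poison (16-bit txid, fixed port):",
          poison(r, "domain.com", "www.domain.com", "192.0.2.66", 100, 20000))
    print("per-round odds, 100 guesses:",
          success_probability(16, 100), "vs", success_probability(32, 100))
```

The out-of-bailiwick check is what the "why not turn off caching of everything else" question runs into: the resolver already refuses records for unrelated zones, so the forged reply simply targets a name inside the zone it is about. Nothing in the toy model waits on a TTL, which is the point of the random-name trick; the only thing standing between the attacker and the cache is the entropy of the fields a reply must match.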

  5. Powerpoint by mr100percent · Score: 4, Informative

    Here's Kaminsky's PowerPoint given at the Black Hat conference. (106 slides, but thorough.) This Wired article and the PowerPoint are enough to make me panic. He literally broke the internet; unlock any website and spoof any logs. Now I see why there was so much panic in the article.