Kaminsky On DNS Bugs a Year Later and DNSSEC

L3sPau1 writes "Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System. In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services."

new security products and services? great.

I have never met a bigger group of shysters and con-artists than "security consultants" in all my life.

Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services

that says it all, right there. This isn't about securing your assets, this is about generating fear so an army of security consultants can sell you an entirely new class of products you don't need.

Re:Questions from a DNS implementor

[BitZtream]

Considering you can't be bothered to read the information out there to even understand it, I think you'll find it very hard.

Its not actually hard if you use someone elses encryption libraries, but if you are too lazy to even lookup how it works, and its fairly clear you have no understanding of how it works, its probably safe to say you are going to consider it hard.

In reality, its not really a any worse than say adding SSL support to a web browser.