Slashdot Mirror


Kaminsky On DNS Bugs a Year Later and DNSSEC

L3sPau1 writes "Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System. In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services."

6 of 127 comments

  1. Re:new security products and services? great. by i.r.id10t · · Score: 4, Insightful

    Better than generating fear to reduce the rights of your citizens...

    --
    Don't blame me, I voted for Kodos
  2. Re:new security products and services? great. by gandhi_2 · · Score: 5, Insightful

    Nothing is better than generating fear to reduce the rights of your citizens.

    Sincerely,
    Both Political Parties.

  3. Re:new security products and services? great. by headhot · · Score: 5, Insightful

    The Kaminsky bug is real, and it's being used out in the wild. This is not a hypothetical academic exercise. DNS needs to be secured. It's not fear mongering, and it's not for profit.

    Many of these security consultants you speak of are not consultants at all, but experts working on this stuff in their free time for the betterment of the internet.

  4. You just think that way because you haven't been.. by brunes69 · · Score: 5, Insightful

    .. hit yet.

    Security is a tricky thing. You say security people sell you things "you don't need". But if you wait until you NEED security, it is already too late because you have a breach.

    Security is not an ER visit, it is a regular preventative exam with your physician. It is something you have to take a pro-active approach with. Yes, this often means investing time and money in something that has no immediate ROI. But that is the nature of the problem you are dealing with.

  5. A: because it breaks the flow of a message by DNS-and-BIND · · Score: 3, Insightful

    Q: Why is starting a comment in the Subject: line incredibly annoying?

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!
  6. Re:None of it as implemented is about security by Tony+Hoyle · · Score: 3, Insightful

    You can get wildcard certs. for HTTP as well. They cost lots and lots of $$$

    You wonder how much getting a domain signed is going to cost... think Verisign is going to turn down a cash cow that big? I'd be surprised if they charge less than $1000 per domain.

    Ultimately, as Verisign signs the root, all paths (and all money) lead to them - and that's why they're pushing DNSSEC so much.