Security expert: DNS attacks are happening

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-1009_3-10022303-83.html

By Elinor Mills
Security - CNet News.com
August 21, 2008

A fatal flaw with the DNS (Domain Name System) is being exploited in 
Internet attacks and more attacks are likely, the security researcher 
who discovered the flaw said on Thursday.

"I do think we are going to see attacks. I think we have been seeing 
attacks already going on in the field," said Dan Kaminsky, director of 
penetration testing for IOActive, who warned the industry about the DNS 
vulnerability nearly five months ago. "We're doing everything we can to 
mitigate and reduce its incidence."

Kaminsky mentioned a DNS-related incident with China Netcom (possibly 
the incident reported by the ZD Net Zero Day blog [1]), but said it 
wasn't clear that it was due to the vulnerability he found. "There are 
other scenarios that I can't, unfortunately, get into," he added.

[1] http://blogs.zdnet.com/security/?p=1776

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/