Tuesday, August 12, 2008

The Internet's DNS Vulnerability; is it hype, or can the World Wide Web be destroyed?

Is the web that vulnerable? When it comes to networking-type stuff, I find it hard to follow; I'm just not that geeky. But this sounds pretty serious:

Web Doomsday Averted: Kaminsky
Security researcher Dan Kaminsky argues that the recent DNS vulnerability wasn't just hype: it could have destroyed the Web.

LAS VEGAS -- The recent Domain Name System caching flaw that had security experts scrambling to protect the Web wasn't just hype. The Internet as we know it was at risk, according to security researcher Dan Kaminsky.

During a discussion in front of a packed hall at the Black Hat conference today, Kaminsky detailed flaws in the system that translates domain names into IP addresses, which he's been trying to hide for the last thirty days.

In a 70-minute session with over 50 slides, Kaminsky explained in excruciating detail the flaw in DNS and the myriad ways it could have been exploited to destroy the Internet as we know it.

Kaminsky was quick to point out that the patch for the DNS flaw has been widely deployed, protecting users from what otherwise could have been a nightmare scenario. [...]

Some will argue that it's hype. But do we have to wait for the web to fail before we take it seriously enough? A near disaster may have been averted for now, but apparently it's not over yet:

Updated: The patch for critical Internet flaw may be flawed itself
A Russian researcher has reported there are holes in the patch for the DNS flaw that threatened the foundations of the Internet.

Just a month ago, Dan Kaminsky told the world that the Internet’s Domain Name Server system for routing Internet users to the proper addresses for web sites could be compromised. He had organized a months-long effort to create a patch to fix the problem. But now it appears the patch doesn’t do the job, according to a story in the New York Times. It confirms Kaminsky’s own warning that the patch was a stopgap measure and that there were worse things coming out. [...]

I read somewhere that DNS is an inferior system that needs to be replaced with an alternative; however, I can't find the article presently. I admit the technical aspects are over my head, so I can't comment on it extensively. But this story, as a security matter, does bear watching. So many businesses rely heavily on the internet now, and a major problem with it could affect world markets, and thus all of us.

Related Link:

Russia and Georgia continue attacks--online


Walker said...

Indeed. Imagine some dopey teenager in Germany manages to scramble all internet traffic, thus halting (albeit temporarily) the greatest evolutionary leap of man.

It wouldn't just be individual business, but networks of businesses. Airlines would be toast. Telephone communication, dead (well, okay, you might be able to call your neighbor in a small town. But maybe not). Cellphone communication, history. Your bank. Your utility company. Your pharmacy. Your doctor would go back to writing paper scripts.


Chas said...

All sorts of financial damages could be incurred, which would in turn be passed on to consumers. The cumulative effects could be devastating.

I hesitated posting about this because I didn't want to sound like a doomsday prophet. But sometimes by highlighting these dangers, enough people take it seriously to the point where it can be avoided through precautionary measures.