Concise Cyber

DNS Vulnerabilities Persist: Six Months Later, Attacks Are On The Rise

Six months after security researcher Dan Kaminsky unveiled critical flaws within the Domain Name System (DNS), the foundational internet infrastructure continues to grapple with significant security challenges. Kaminsky’s 2008 discovery of a cache-poisoning vulnerability prompted an unprecedented, coordinated patching effort. This behind-the-scenes work, involving industry giants like Microsoft and organizations such as CERT, was instrumental in securing a vast majority of vulnerable servers before the technical details of the exploit became widely known.

Persistent Dangers and Escalating Attacks

Despite this extraordinary initial success in widespread patching, Kaminsky delivered a sobering assessment at a recent Black Hat DC conference. He warned that serious dangers still persist within the DNS system, and revealed that approximately one to three percent of DNS servers have since experienced confirmed cache-poisoning events. This statistic, though seemingly small, represents a critical and persistent vulnerability. Kaminsky expressed growing concern over the trend. “There’s been an increasing amount of attacks in January. That’s not good,” he stated. He also underscored the asymmetric nature of the threat: “The bad guys can attack more caches than we can defend.”

Broader Infrastructure at Risk

The implications of these DNS weaknesses extend beyond just the cache servers themselves. Kaminsky has also observed compelling evidence of effective DNS-based attacks targeting other vital internet infrastructure, including mail servers. Furthermore, he highlighted vulnerabilities in related security systems, specifically criticizing the state of SSL implementations. “SSL is a disaster zone, with half the servers out there not even identifying themselves,” he remarked, emphasizing that fundamental internet systems should be robust against such exploitation. Kaminsky’s ongoing warnings serve as a stark reminder that continuous vigilance, proactive security measures, and robust system integrity are paramount for safeguarding the internet’s core functions against evolving threats.

Source: https://threatpost.com/six-months-later-dns-still-taking-hit-022409/72382/