5-year-old DNS Bug Still AliveAdded: Monday, February 4th, 2013
Category: Recent Headlines Involving File Sharing > Current Events
Tags:ET, p2p, Torrent, Piracy, Peer To Peer, Network, Hackers, Internet, BitTorrent, Google, utorrent, bitcomet, extratorrent, 2010, www.extratorrent.com
One of the nasty bugs in the DNS system of the worldwide web is still installed on many PCs all over the world.
The Kaminsky bug, named after its discoverer, was found 5 years ago. Although a fix has been issued, it turned out that only a handful of American broadband providers, financial institutions and e-commerce companies have deployed it. The discoverer warned at the time that the vulnerability made it possible for cyber attackers to carry out cache poisoning attacks, redirecting traffic from a legitimate site to a fake one without both the site operator and end user knowing that.
It appeared that the only way to fix the problem was DNSSEC, using digital signatures and public-key encryption to let the websites to verify their domain names and corresponding IP addresses and thus prevent intermediary attacks. However, the statistics say that a ridiculously low number of American corporations have deployed DNSSEC.
In fact, none of the top 100 largest American e-commerce companies tested by Secure64 was using digital signatures to sign their zones, nor were they validating DNSSEC queries. The recent survey, conducted weekly by the National Institute of Standards and Technology, showed that less than 1% of 1,000 US industry sites have fully deployed DNSSEC, including Comcast, PayPal, Data Mountain, Infoblox, and Sprint. In the meanwhile, Dyncorp, Simon Property and Juniper Networks have done so partly.
Worse still, the names saying they aren’t deploying DNSSEC included such giants of the US industry as Bank of America, Delta Air Lines, Disney, eBay, Apple, Cisco, Google, IBM and Symantec.
February 4th,2013Posted by:
Monday, February 4th, 2013
|posted by (2013-02-04 14:51:23)|
|it's probably cheaper and easier to arrest the guy who found it rather than fix it.|
|FellAway: +1 (Like)|
|posted by (2013-02-05 07:26:18)|
|The entire force is after Mega and torrent sites. Anti-virus is billion dollars business. It is easier and cheaper to arrest the guy, but billion dollar market will collapse within few weeks.|
|ATT did'nt employ the fix I got bit by the bug. Legit email down to the fine print to verify user & pass, click the link in which had in it att.net, login page comes up exactly like the legit page, put in user & pass hit login and BAM your bit!!||
Most Popular Stories