IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

DNS researcher claims 35 ways to exploit flaw

Dan Kaminsky has told the Black Hat conference that the DNS security flaw is even worse than expected.

The security researcher who uncovered the DNS security flaw has said it could be worse than previously thought, and offers attackers some 35 ways to exploit cache poisoning.

Speaking at the Black Hat hacker conference in Las Vegas, Dan Kaminsky highlighted how the flaw could be used to redirect users to malicious sites, as well as to intercept or edit email.

Kaminsky ran through another scenario in which a website could be tricked into sending a username and password to an email account controlled by a malicious attacker, using a forgotten password reminder.

These attacks are all made possible by the flaw, which allows attackers to poison DNS caches and redirect users to malicious third-party sites, even when they have correctly entered the address of a different, legitimate site.

Because the attack targets a fundamental service that powers the internet there are multiple ways it could be used for nefarious purposes; 35 at Kaminsky's count.

The security vulnerability was first discovered over six months ago, but Kaminsky revealed no details of it to allow an unprecedented collaboration between Microsoft, Sun and Cisco to develop a fix.

Despite only being recently announced, reports suggest that the flaw is already being used. AT&T has announced that it spotted an attempt to redirect users accessing www.google.com to a third-party website hosting advertisements.

Last month, Kaminsky said precautions taken to protect systems against the flaw were not strong enough, and Microsoft warned that attacks were "imminent".

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

Salaries for the least popular programming languages surge as much as 44%
Development

Salaries for the least popular programming languages surge as much as 44%

23 Jun 2022
The UK's best cities for tech workers in 2022
Business strategy

The UK's best cities for tech workers in 2022

24 Jun 2022
LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022