Kaminsky Reveals Details of Critical DNS Flaw
During the Black Hat USA conference in Las Vegas, Dan Kaminsky, director of penetration testing for IOActive, revealed to a packed audience details of a Domain Name System (DNS) vulnerability that opens the door wide to what are known as cache poisoning attacks: tricking a recursive DNS server into accepting and caching a forged response, so that it subsequently sends unsuspecting users to another, usually malicious, Web site.
Once a user is rerouted to an unknown site, financially motivated cyber criminals can then drop Trojans, keystroke loggers and an array of other malicious payloads onto users' vulnerable computers.
But that's not all, Kaminsky told his audience of security vendors, researchers and other IT professionals. Beyond the familiar cache poisoning attacks, which have been around for a while, this new variation can be used by attackers to undermine IPsec VPNs, SSL certificate validation, automatic software update systems, spam filters and VoIP systems, all of which trust the answers DNS gives them.
Perhaps it was not quite the announcement that Kaminsky had first envisioned.
Kaminsky first stepped into the public eye months ago with the discovery of a fundamental flaw in the DNS protocol, which translates hostnames into IP addresses through a query-and-response exchange. If an attacker can determine the values that identify an outstanding query, namely its UDP source port and its 16-bit transaction (query) ID, he or she can send a phony response that the DNS server accepts and caches, provided it arrives before the legitimate answer.
This kind of flaw has actually been known for years. What Kaminsky discovered was a quicker, more efficient and more reliable way for attackers to carry out the attack. The discovery was also significant because it affects a wide array of platforms and vendors, from Microsoft to the Internet Systems Consortium's BIND and the Linux distributions that ship it, many of which have already released patches addressing the flaw.
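The following toy simulation is an added example, not code from the article or from Kaminsky, that models the race described above: a resolver accepts the first response whose name, transaction ID and destination port match an outstanding query, and an off-path attacker who can trigger queries must guess those values before the real answer lands. It also models the widely documented feature of Kaminsky's variant, which is that each attempt asks for a fresh, never-cached name so a failed guess can be retried at once rather than after a TTL expires. The port range, names and addresses are constructed for the simulation; the fixed source port 53 stands in for any resolver that reuses one predictable port.

```python
"""Toy model of DNS response spoofing with and without source-port randomization.
Added example: the resolver logic, names, addresses and port ranges are constructed."""
import random
from dataclasses import dataclass, field

FIXED_PORT = 53                 # assumption: a non-randomizing resolver always queries from 53
EPHEMERAL = range(1024, 65536)  # assumption: source-port range a randomizing resolver draws from
TXID_SPACE = 1 << 16            # the real DNS transaction ID is 16 bits
LEGIT_IP = "192.0.2.10"         # constructed: the genuine answer
ATTACKER_IP = "203.0.113.66"    # constructed: the address the attacker wants cached


@dataclass(frozen=True)
class Response:
    name: str
    txid: int
    dst_port: int
    address: str


@dataclass
class Resolver:
    randomize_ports: bool
    rng: random.Random = field(default_factory=random.Random)
    pending: dict = field(default_factory=dict)   # name -> (txid, src_port)
    cache: dict = field(default_factory=dict)     # name -> address

    def send_query(self, name):
        """Issue a query; return the (txid, source port) an attacker would have to match."""
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.choice(EPHEMERAL) if self.randomize_ports else FIXED_PORT
        self.pending[name] = (txid, port)
        return txid, port

    def receive(self, resp):
        """Accept a response only if name, TXID and destination port all match."""
        expected = self.pending.get(resp.name)
        if expected is None or (resp.txid, resp.dst_port) != expected:
            return False                 # mismatch: silently dropped, attacker learns nothing
        self.cache[resp.name] = resp.address
        del self.pending[resp.name]      # first matching answer wins; later ones are ignored
        return True


def flood(resolver, name, port_guess):
    """Off-path attacker: trigger a query for `name`, then fire forged responses
    covering every TXID at one guessed port before the real answer arrives.
    Returns True if a forged answer was cached."""
    txid, port = resolver.send_query(name)
    for guess in range(TXID_SPACE):
        if resolver.receive(Response(name, guess, port_guess, ATTACKER_IP)):
            return True
    resolver.receive(Response(name, txid, port, LEGIT_IP))  # real answer lands last
    return False


def poison_until_success(resolver, attacker_rng, max_rounds):
    """Kaminsky-style loop: every round queries a fresh, never-cached name, so a
    failed round is retried immediately instead of waiting for a TTL to expire.
    Returns the round number that poisoned the cache, or None."""
    for round_no in range(1, max_rounds + 1):
        name = f"{attacker_rng.randrange(1 << 32):08x}.example.com"  # constructed name
        port_guess = (attacker_rng.choice(EPHEMERAL)
                      if resolver.randomize_ports else FIXED_PORT)
        if flood(resolver, name, port_guess):
            return round_no
    return None


def run(randomize_ports, seed, max_rounds=10):
    """Seeded end-to-end run so the outcome is reproducible."""
    resolver = Resolver(randomize_ports, random.Random(seed))
    return poison_until_success(resolver, random.Random(seed + 1), max_rounds)


if __name__ == "__main__":
    print("fixed source port, poisoned in round:", run(False, seed=1))
    print("random source port, poisoned in round:", run(True, seed=1))
```

With a fixed source port the attacker's 65,536 forged responses cover the whole TXID space, so the first round always succeeds; with a randomized port the same flood only works in the rare round where the port guess is also right, which is why the 2008 patches added source-port randomization rather than a larger TXID.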
Kaminsky had initially asked members of the security research community to observe a proposed "discussion blackout" on details of the DNS flaw, and said he planned to withhold his findings until this year's Black Hat conference to allow users adequate time to patch their systems.
The move, however, drew a barrage of criticism from fellow security professionals and other industry colleagues, who maintained that the endangered public had a right to know the details of the vulnerability as soon as possible. Kaminsky's critics argued that attackers already knew enough to build working exploits and were well on their way to doing so. A few researchers even posted exploit code and other details of the now-notorious DNS flaw.
Ultimately, however, Kaminsky's talk was well received, in part because his audience already shared an understanding of the fundamentals of the problem. From there, he was able to delve into the details of what he termed a "domino effect" vulnerability with the potential to affect almost every aspect of Web infrastructure, particularly online search.