Security Researcher Kaminsky Pushes DNS Patching
BobB-nw writes "Dan Kaminsky, who for years was ambivalent about securing DNS, has become an ardent supporter of DNS Security Extensions.
Speaking at the Black Hat DC 2009 conference Thursday, the prominent security researcher told the audience that the lack of DNS security not only makes the Internet vulnerable, but is also crippling the scalability of important security technologies. 'DNS is pretty much our only way to scale systems across organizational boundaries, and because it is insecure it's infecting everything else that uses' DNS, the fundamental Internet protocol that provides an IP address for a given domain name, said Kaminsky, director of penetration testing at IOActive. 'The only group that has actually avoided DNS because it's insecure are security technologies, and therefore those technologies aren't scaling.'"
DJB discovered the "Kaminsky bug" (Score:4, Insightful)
I started to RTFA when something caught my eye: "his discovery of a significant DNS flaw -- known as the Kaminsky Bug"
Except Kaminsky wasn't the original discoverer of this bug (or the workaround). Dr. Bernstein is. Dr. Bernstein discusses the Kaminsky bug here [cr.yp.to]; that page has been around since about late 2000 [archive.org].
For the record, I am no fan of DJB. I feel he has acted unprofessional and childlike at times; his response to an announcement of my DNS server on Bugtraq [derkeiler.com] being just one example of his inappropriate behavior. But, personal differences aside, I recognize he's a genius and that he's the original discoverer of this particular DNS issue.
(I also wish DJB would own up to the remote denial of service bug DjbDNS has, but that's another issue)