DNS vulnerability discoverer Dan Kaminsky

Source: Internet
Author: User

Dan Kaminsky appeared at this year's Black Hat conference. He just ended a demonstration meeting with an audience of 1000 people yesterday. In the past 10 years, he has made 9 speeches at the Black Hat conference. Dan, a 29-year-old self-described DNS expert, discovered a serious vulnerability in the DNS system earlier today. To prevent the Internet from being hit hard, he has been reluctant to disclose the details of the vulnerability (DNS vulnerability details are leaked, and the attack is about to begin). VentureBeat (VB) reporter Dean Takahashi interviewed Dan Kaminsky (DK) at the Black Hat conference.


VB: How would you describe this vulnerability?

DK: DNS problems always exist, we have 65000/1. But we feel that you only have one chance to attack every day. Trying 65000 days is not easy, so it is not so dangerous. However, this low probability attack is always a hidden risk. Now, under a new vulnerability, a hacker can initiate 65000 attacks within 10 seconds, which is easy to achieve.

VB: Do you think you are a security leader?

DK: Adding this vulnerability causes a lot of noise. If you find a security vulnerability that may affect many people, you have three things to do. First, it is not difficult to find a vulnerability, and it does not take too much time. You need to write a patch. Because writing a patch involves too many companies, we must find a way to let these companies sit down and discuss it together. We need to let many people understand the importance of the patch; but this is not enough because this vulnerability is a structural vulnerability. The third step is to let network operators know the vulnerability and persuade them to upgrade the system. We made patches and needed them to participate in the test.

VB: How did you start your security career?

DK: I used to do a very boring job at Cisco.

VB: Why?

DK: I have been a geek for a long time.

VB: What was your first experience in the security field?

DK: When I was in college, I found that anyone who wants to use a school printer needs to execute a piece of code from the school on their computer, which left me bored. Docsprint system, you don't have to log into the school system, just send print data to my server, that moment, Santa Clara half of the college student dormitory's printing tasks are carried out through our dormitory, which is very interesting. I then came to Cisco to work on the network and use a very bad language to do something that I don't even have documentation. I found modify the code for some errors. I started to learn security, and I was very invested in reading a lot of such books. Ryan, my friend, sent me an email. He said that the writing level is good. I asked him to write a chapter in a book but didn't sign it for me. The book is called "network attack prevention". I have never told anyone. That year, there was you can win a T-shirt or a ticket to the Black Hat conference. I really want to get a ticket to the Black Hat conference. I'm going to join DEFCON. Now, I have my signatures in the book, but I still run Cisco's Dan Kaminsky. I didn't tell Cisco that I used the company name when I signed it. No one took me as an intern. At the Black Hat conference, I went to a conference venue, Mudge hosted there, he was one of the oldest hackers at the time. He asked a question. I answered the question. He asked me how old I was. I said 20. He said, never tell others how old you are. Otherwise, they will not trust you. That is my one Black Hat, this is the 10th time.

VB: How old are you this year?

DK: I won't tell you. I am 29.

VB: Why did you discover this vulnerability?

DK: I have been researching DNS for a long time. This is the third time I talked about this topic at the Black Hat conference. This is the first time I've talked about this. I've talked about how to use the DNS system for data tunnel, data storage, or common communication channels. Go I talked about how to use DNS to interact with Web browsers to bypass the firewall. I don't want to destroy the DNS system, I just want to create a new CDN network, I want to switch people from slow servers to fast ones. Can I use DNS for implementation? Since last year, I have had such a tool. If I use this method, I have to solve the TTL problem. The problem is that TTL slows down. I think the reason for slowness is to prevent caching viruses, but it is completely feasible. I was stunned. I contacted Paul, ISC's president. Vixie, who has been studying DNS for 20 years, is the designer of BIND. I said, Paul, we are in trouble. We started to contact people we know, and all of them were very cooperative.

VB: Is it difficult to find 16 people you trust?

DK: The DNS circle is not big.

VB: Do people understand what it means?

DK: Everything is clear that this vulnerability will break everything. It is not appropriate for such a simple vulnerability to cause a large number of problems.

VB: You mentioned that this structural vulnerability exists since 1983. Does this mean that the Internet needs a thorough transformation?

DK: DNS design in 1983 security issues do not need to be considered, or even do not exist in 1993. People did not invest much in security until the end of 1990s, that is, since then, at first, someone targeted the assets on the network and damage. Security vulnerabilities in various systems are varied, but we are used to using the Internet in an insecure way. Each time we use SSL you may encounter problems. Sometimes the problems are mitigated in some aspects and deteriorated in other aspects.

VB: You said this vulnerability has a wide impact. Why?

DK: DNS accuracy is very important. Once damaged, everything will be messed up. Initially, on July 8, I pointed out that this problem would cause users to browse fake websites, and emails may be sent to wrong directions. This pair security is enough. However, this is not enough. DNS is the heart of the entire Internet. SSL requires you to get a certificate, but to get a certificate, you need DNS and pass if the DNS crashes, SSL cannot work securely.

VB: You also mentioned that security issues may occur in the password retrieval function on almost all login webpages. Can you explain this?

DK: If you forget the password, they will send you an email containing a link for you to reset the password. They do not verify who you are. Imagine, what if someone else gets this email?

VB: You said, we are lucky to be a security expert, not someone else who has discovered this problem.

DK: Service capability is a neglected security issue. The biggest lesson I learned this year is this. You must assume that some part of your architecture may have problems, and you are always ready to solve them quickly. We need a process, how many days does it take to resolve the problem from getting a warning. This issue needs to be taken into consideration when people buy such systems. This system should easily fix vulnerabilities. A system that can fix vulnerabilities within 8 hours, more than 90 days the system that can be repaired is more vulnerable to attacks. The difference between a random hacker and a security expert is whether there is a disaster plan and a sense of relief.

VB: Will more vulnerabilities be discovered?

DK: Money is a good thing. There is a venue where there is a chance about the vulnerability, which has a lot of money.

VB: Is there evidence that the attack is in progress?

DK: I know something went wrong with Austin. I believe that Google involved is related to click fraud. But we are waiting for more data and there are some things in progress, but I cannot say that I have some data in hand and we are still analyzing it.

VB: But you are confident that cooperation across the industry will bring good results in the future, right?

DK: I think our current model can solve such problems, but I don't think we have done well. We lost NAT we have lost an entire industry with firewall vendors. We should include them, but you cannot argue about some numbers. Today, 0.1 billion 20 million broadband users are protected. Initially, tests were conducted on my website of the users, 84% of them have vulnerabilities, but now 30%. This is our result.

International Source: http://venturebeat.com/2008/08/07/black-hat-an-interview-with-dan-kaminsky-the-dns-dude-who-saved-the-internet/#slide_4
Source: comsharp CMS official website
