After details of the DNS (Domain Name System) cache poisoning vulnerability leaked, Dan Kaminsky made his first public appearance on Thursday and said the one thing he wanted everyone to know was that vulnerable systems should be patched immediately.
In a video conference held ahead of the Black Hat conference, Kaminsky gave the most detailed account of the DNS vulnerability he has offered so far (he discovered it earlier this year, but it was not disclosed until July 8). DNS translates human-readable domain names into numeric IP addresses and is one of the basic building blocks of the Internet. He chose to announce the bug when he did because patches had been released, but he withheld most of the details in the hope that systems could be patched quickly, before the bad guys could exploit them.
Kaminsky said that although it is widely known that patches are available, many systems are still vulnerable. When the online vulnerability test first went live, 86% of the users who ran it found their systems vulnerable; today that figure is down to 52%. "It's not perfect. You can't even name it," he said.
He said he had originally set out to find a way to use DNS for content delivery and stumbled on the vulnerability instead. "How big is the problem? Very big."
Of the speculation in the security community, Kaminsky said Halvar Flake's guess came closest. As for anyone who claims to have already known that the DNS vulnerability exists, Kaminsky said, "it's a lie."
Kaminsky said the attack rests on three weaknesses: two were already known, while the third had not been made public. Security researchers have long believed that poisoning DNS records is hard. He said to think of it as a race: both the good guys and the bad guys want to deliver the secret number, the transaction ID, to the resolver. "You may get there first, but you can't cross the finish line without that secret number." The legitimate server has the number; the attacker does not, but he has roughly a one in 65,000 chance of guessing it, because the transaction ID is only a 16-bit value.
The first known weakness is that the attacker can start the race at any time; even without knowing the transaction ID, he can guess it. The second is that many forged replies can be sent at once, each carrying a different guess. The third, which Kaminsky found, is that the guesses need not all be spent on the same race: they can be spread across many separate races. Using www.blackhat.com as an example, the attacker does not only guess the transaction ID for that address; he also triggers lookups for names such as 1.blackhat.com and 2.blackhat.com and guesses the IDs for those.
He said most people would assume, "If you set a long TTL (time to live) on the record, say a year, it should be fine." But Kaminsky found that simply by looking up 1.blackhat.com, 2.blackhat.com and so on, he could reach the name server and guess the transaction ID regardless of the TTL. The whole process, Kaminsky said, takes about 10 seconds.
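To make the race concrete, here is a toy simulation written for this article (it is not Kaminsky's code and models no real resolver): a caching resolver that accepts a reply only when the transaction ID and destination port match its outstanding query, an attacker who floods forged replies, and the two strategies described above, racing the victim name directly versus racing a fresh sibling name each time. The host names under blackhat.com, the IP addresses and the attack parameters are constructed for illustration, and the 16-bit source port pool of the patched resolver is an idealisation.

```python
# Added example: toy model of the 2008 DNS cache-poisoning race. Not a real
# resolver; names, addresses and tunables below are constructed for illustration.
import random
from dataclasses import dataclass, field
from typing import Optional

TXID_SPACE = 1 << 16   # the DNS transaction ID is a 16-bit field
PORT_SPACE = 1 << 16   # idealised pool of source ports a patched resolver picks from
FIXED_PORT = 53        # an unpatched resolver sent every query from one predictable port

ATTACKER_IP = "203.0.113.66"   # constructed: what the attacker wants cached for the victim
LEGIT_IP = "198.51.100.10"     # constructed: the real answer


def p_race(spoofs: int, space: int) -> float:
    """Chance that at least one of `spoofs` random guesses hits the single
    accepted (txid, port) combination out of `space` possibilities."""
    return 1.0 - (1.0 - 1.0 / space) ** spoofs


def expected_races(spoofs: int, space: int) -> float:
    """Expected number of races until the cache is poisoned."""
    return 1.0 / p_race(spoofs, space)


@dataclass
class ToyResolver:
    """Accepts a reply iff its txid and port match the outstanding query, and,
    like 2008 resolvers, trusts extra records for the same zone; that slack is
    what lets a reply for 7.blackhat.com smuggle in a record for the victim."""
    randomize_port: bool
    rng: random.Random
    cache: dict = field(default_factory=dict)
    _pending: Optional[tuple] = None

    def send_query(self, name: str) -> bool:
        """Returns False when the name is cached: no query goes out, so no race."""
        if name in self.cache:
            return False
        txid = self.rng.randrange(TXID_SPACE)
        port = self.rng.randrange(PORT_SPACE) if self.randomize_port else FIXED_PORT
        self._pending = (name, txid, port)
        return True

    def receive(self, txid: int, port: int, records: dict) -> bool:
        if self._pending is None:
            return False
        _, want_txid, want_port = self._pending
        if (txid, port) != (want_txid, want_port):
            return False
        self.cache.update(records)
        self._pending = None
        return True

    def legit_reply(self) -> None:
        """The real server answers; the race for this name is over."""
        name, txid, port = self._pending
        self.receive(txid, port, {name: LEGIT_IP})


def flood(resolver, name, victim, spoofs, rng) -> bool:
    """Fire `spoofs` forged replies for `name`, each carrying a bogus record for
    `victim` alongside. The port is only guessed when the resolver randomises it."""
    forged = {name: ATTACKER_IP, victim: ATTACKER_IP}
    for _ in range(spoofs):
        txid = rng.randrange(TXID_SPACE)
        port = rng.randrange(PORT_SPACE) if resolver.randomize_port else FIXED_PORT
        if resolver.receive(txid, port, forged):
            return True
    return False


def naive_attack(resolver, victim, spoofs, rng) -> int:
    """Race the lookup of the victim name itself. Returns the number of races run
    (1 or 0): once an answer is cached there is nothing to race until its TTL expires."""
    if not resolver.send_query(victim):
        return 0
    if not flood(resolver, victim, victim, spoofs, rng):
        resolver.legit_reply()
    return 1


def kaminsky_attack(resolver, victim, spoofs, rng, max_races) -> Optional[int]:
    """Look up a never-seen sibling each time (1.blackhat.com, 2.blackhat.com, ...).
    Every one is a cache miss, hence a fresh race, whatever the victim's TTL.
    Returns the race on which the victim entry was poisoned, or None."""
    zone = victim.split(".", 1)[1]
    for i in range(1, max_races + 1):
        name = f"{i}.{zone}"
        resolver.send_query(name)
        if flood(resolver, name, victim, spoofs, rng):
            return i
        resolver.legit_reply()
    return None


def naive_demo(seed=1, spoofs=500):
    rng = random.Random(seed)
    res = ToyResolver(randomize_port=False, rng=random.Random(seed))
    first = naive_attack(res, "www.blackhat.com", spoofs, rng)
    second = naive_attack(res, "www.blackhat.com", spoofs, rng)   # cached: no race
    return first, second, len(res.cache)


def demo(seed=2008, spoofs=500, max_races=2000):
    rng = random.Random(seed)
    victim = "www.blackhat.com"
    unpatched = ToyResolver(randomize_port=False, rng=random.Random(seed))
    patched = ToyResolver(randomize_port=True, rng=random.Random(seed))
    return {
        "unpatched_races": kaminsky_attack(unpatched, victim, spoofs, rng, max_races),
        "unpatched_cache": unpatched.cache.get(victim),
        "patched_races": kaminsky_attack(patched, victim, spoofs, rng, max_races),
        "patched_cache": patched.cache.get(victim),
    }
```

Running demo() poisons the unpatched resolver within a couple of hundred races (expected_races(500, TXID_SPACE) is about 132), each race being a lookup of a fresh name so the victim's TTL never matters, while the same budget of forged replies goes nowhere against the port-randomising resolver, because every guess now has to hit one of 2^32 combinations rather than 2^16. naive_demo() shows why the sibling-name trick matters: racing the victim name directly gets exactly one attempt, after which the cached answer blocks further races until its TTL expires.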
"Patching is the only way to shut down this attack," said Jerry Dixon, a former director at the Department of Homeland Security (DHS). Rich Mogull of Securosis and Joao Damas, senior program manager at the Internet Systems Consortium, said the same.
Kaminsky said the current fix makes it several thousand times harder for anyone who wants to exploit the vulnerability, but not impossible. The bug is a core design issue; the flaw lies in the design of DNS itself.
What have we learned? "We know what hardening we will need in the future, and we will wait for the security community to judge this issue."
In the longer term, Kaminsky expects the debate to continue. He is scheduled to speak at the Black Hat conference in Las Vegas on August 6, in a talk entitled "The End of the Cache As We Know It".