'Every Network Is at Risk' Thanks to Bug

Security expert says DNS flaw could cause Internet-wide chaos
By Kevin Spak,  Newser Staff
Posted Aug 7, 2008 8:05 AM CDT
Dan Kaminsky, director of penetration testing for Seattle-based computer security consultant IOActive Inc., speaks at the annual Black Hat convention in Las Vegas, Wednesday, Aug. 6, 2008.    (AP Photo/Jae C. Hong)
camera-icon View 2 more images

(Newser) – Security researcher Dan Kaminsky outlined what he calls the biggest Internet security hole since 1997 to a gathering of experts yesterday, and it's a lot worse than had been understood, Wired reports. “Every network is at risk,” Kaminsky said at the Black Hat conference in Las Vegas. "That's what this flaw has shown." The bug, a hole in the Domain Name Service, has wider implications than anyone realized when word of it leaked last month, Kaminksy said.

Hackers can not only use it to hijack web browers, they can also target FTP services, email servers, spam blockers, online banking protections, and other services. “There are a ton of different paths that lead to doom,” Kaminsky said. Since Kaminsky warned of the DNS flaw a month ago, many companies have patched their servers, but currently 58% of broadband users are still on unprotected servers, he said, as are 30% of Fortune 500 companies.