Security researcher Dan Kaminsky outlined what he calls the biggest Internet security hole since 1997 to a gathering of experts yesterday, and it's a lot worse than had been understood, Wired reports. “Every network is at risk,” Kaminsky said at the Black Hat conference in Las Vegas. "That's what this flaw has shown." The bug, a hole in the Domain Name Service, has wider implications than anyone realized when word of it leaked last month, Kaminksy said.
Hackers can not only use it to hijack web browers, they can also target FTP services, email servers, spam blockers, online banking protections, and other services. “There are a ton of different paths that lead to doom,” Kaminsky said. Since Kaminsky warned of the DNS flaw a month ago, many companies have patched their servers, but currently 58% of broadband users are still on unprotected servers, he said, as are 30% of Fortune 500 companies.