Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, August 29, 2008

“One-Character Patch” for DNS? Not so fast

A domain-name system (DNS) researcher proposed on Wednesday that the addition of a single character to the popular BIND name server software could severely limit cache poisoning attacks, such as those described by researcher Dan Kaminsky. The suggestion, made by computer scientist Gabriel Somlo, would make exploitation of name server caches more difficult. However, the “one-character patch” also has some serious side effects, Dan Kaminsky, director of penetration testing for IOActive, said in an e-mail interview with SecurityFocus.

Some major hosts have no TTLs or very low TTLs and, for those servers, you gain very little, he said.

“If we can’t override them—can’t override high TTLs—those sites go down for a very long time,” Kaminsky said.

“I never claimed my one-character patch would fix all bugs in bind (sic)—I don’t have that kind of power,” Somlo joked on the mailing list.
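To make the trade-off Kaminsky describes concrete, here is an added toy model of a resolver cache (example code written for this page, not Somlo's patch and not BIND code). The article does not spell out what the one character changes; the model assumes the patched behaviour is "ignore an answer that would replace a cached record whose TTL has not yet expired", and all names, addresses and TTLs are constructed. It shows the protection a still-valid cached record gets, the near-zero gain for a host served with a very low TTL, and the side effect that a bad or stale high-TTL record cannot be corrected until it expires.

```python
from dataclasses import dataclass


@dataclass
class Record:
    ip: str
    expires_at: int  # absolute model time (seconds) at which the record expires


class ResolverCache:
    """Minimal cache with a switchable 'refuse to override a valid record' policy.

    refuse_override=False models an unpatched cache that replaces an entry on any
    later answer; refuse_override=True models the ASSUMED patched behaviour.
    """

    def __init__(self, refuse_override: bool):
        self.refuse_override = refuse_override
        self.entries: dict[str, Record] = {}
        self.now = 0

    def tick(self, seconds: int) -> None:
        self.now += seconds

    def lookup(self, name: str):
        """Return the cached IP for name, or None if absent or expired."""
        rec = self.entries.get(name)
        if rec is None or rec.expires_at <= self.now:
            self.entries.pop(name, None)
            return None
        return rec.ip

    def seconds_remaining(self, name: str) -> int:
        rec = self.entries.get(name)
        return 0 if rec is None else max(0, rec.expires_at - self.now)

    def receive_answer(self, name: str, ip: str, ttl: int) -> bool:
        """Process an answer for name; return True if the cache was updated."""
        if self.refuse_override and self.lookup(name) is not None:
            return False  # a still-valid record exists: ignore the newcomer
        self.entries[name] = Record(ip, self.now + ttl)
        return True


def scenario_conflicting_answer(refuse_override: bool):
    """A long-TTL record is cached; a conflicting answer arrives a minute later."""
    cache = ResolverCache(refuse_override)
    cache.receive_answer("example.test", "192.0.2.1", ttl=86400)  # constructed
    cache.tick(60)
    accepted = cache.receive_answer("example.test", "192.0.2.99", ttl=86400)
    return accepted, cache.lookup("example.test")


def scenario_low_ttl(refuse_override: bool):
    """A host served with a 5-second TTL: the protection window is only 5 s."""
    cache = ResolverCache(refuse_override)
    cache.receive_answer("cdn.example.test", "198.51.100.1", ttl=5)  # constructed
    cache.tick(5)  # record has expired; nothing valid remains to protect
    accepted = cache.receive_answer("cdn.example.test", "198.51.100.99", ttl=5)
    return accepted, cache.lookup("cdn.example.test")


def scenario_stuck_record() -> int:
    """Side effect: a bad or stale high-TTL record cannot be corrected early.

    Returns how many seconds the cache keeps serving the old address after a
    legitimate corrective answer was refused.
    """
    cache = ResolverCache(refuse_override=True)
    cache.receive_answer("example.test", "203.0.113.1", ttl=86400)  # stale/bad
    cache.tick(60)
    corrected = cache.receive_answer("example.test", "203.0.113.2", ttl=86400)
    assert not corrected  # the correction is ignored while the old record lives
    return cache.seconds_remaining("example.test")


if __name__ == "__main__":
    print("unpatched, conflicting answer:", scenario_conflicting_answer(False))
    print("patched,   conflicting answer:", scenario_conflicting_answer(True))
    print("patched,   low-TTL host:       ", scenario_low_ttl(True))
    print("patched,   seconds stuck:      ", scenario_stuck_record())
```

Running it prints that the unpatched cache takes the conflicting answer, the patched cache keeps the original address, the 5-second-TTL host is overridden as soon as its record lapses, and the stale record remains pinned for the remaining 86,340 seconds, which is the "goes down for a very long time" case.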

Posted on 08/29