Home / News

Day 30: Kaminsky DNS Bug Disclosure

In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially “destroy the Web”.

Essentially, as Kaminsky later summarized in his blog post, “DNS servers had a core bug, that allows arbitrary cache poisoning,” even behind firewalls. By exploiting this vulnerability, criminals could execute a wide range of attacks including redirecting victims to bogus websites, corrupt email, and compromise password recovery systems.

And on the plus side, Kaminsky pointed out that as a result of excellent collaborative effort within the security community, more than 120 million broadband Internet users (42% of broadband subscribers) are now protected due to patches that have been deployed by various Internet and software companies.

Additionally, 70 percent of Fortune 500 companies are said to have patched their mail servers along with 61 percent of non-mail servers.

In an interview after the presentation, Kaminsky said that although things didn’t go perfectly as planned, it went better than he had any right to expect. And that he would do it again if he had to.

DNS Patching in Action

The following video, created by Clarified Networks, shows the mapped visualization of DNS servers around the world as they are patched and secured during the last 30 days. In the video, vulnerable servers appear as red dots and turn green as they are patched.

The Time Line

The following is the timeline of events, as covered by CircleID, from the time the DNS flaw was publicly announced until today, 30 days later when full disclosure of the vulnerability was disclosed.

Jul 08 - Largest Synchronized Internet Security Effort Underway to Patch Newly Found DNS Bug
Jul 09 - An Astonishing Collaboration
Jul 14 - Not a Guessing Game
Jul 21 - DNS Security Flaw Secret Leaked Prior to Set Date: Patch DNS as Fast as Possible
Jul 22 - Just a Matter of Time Before DNS Attack Code Might Surface
Jul 23 - DNS Attack Code Has Been Published
Jul 24 - US-CERT Says They Are Aware of DNS Exploit Code, Emphasizes Urgent Patching
Jul 28 - Possible First Attacks on DNS Flaw Have Been Reported
Jul 30 - DNS Attack Creator Becomes a Victim of His Own Creation
Aug 06 - Kaminsky DNS Bug Disclosure

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Timeline... David A. Ulevitch  –  Aug 7, 2008 5:26 AM

The timeline actually begins back in march when we all met up at MSFT.  I suppose it began when kaminsky found this issue, but resolution started back in march.

RE: Timeline Ali Farshchian  –  Aug 7, 2008 5:51 AM

Correct and just to clarify the timeline start date in the post is actually referring to the start of the 30-day time period which began with a public non-technical press conference on Jul 8th - the mass media news break day.

Kaminsky DNS visualisation originals Jani Kenttälä  –  Aug 7, 2008 8:40 AM

Kaminsky DNS visualization originals and video of passive Kaminsky DNS vulnerability view can be found from:

http://www.clarifiednetworks.com/KaminskyDNS

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

DNS

Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

IPv4 Markets

Sponsored byIPv4.Global