Internet hole worse than everyone thought

The vulnerability is
based upon the fact that DNS (Domain Name System) addresses are generated when
you enter a website name. The website name you enter is converted into a number
that queries the DNS system to find the website. With each query, a random
transaction number is also generated, so that when the website claiming to be
the right one responds, it also sends back the random number. In this way, the
internet is meant to ensure that your queries are matched by the right domain
destination.

However, there are a limited number of possible random
transaction numbers. 65,536 to be exact. Therefore, if you flood the DNS server
with request for a domain name, you can generate a good chance of reproducing
the correct number back. In other words, you have a 1 in 65,536 chance if you
make one request, but send in a thousand requests and you have a 1 in 65 chance
of getting the correct random number.

For a detailed technical explanation, the Linux Journal provides a pretty good overview and I
took particular note in their description of this line at the end: "Dan Kaminsky
has said that he was able to exploit systems in less than 10 seconds. That means
Dan can control your bank account, your email, your ebay account, or anything
else you do online, in a matter of seconds. And you didn't even have to do
anything."

Luckily Dan has been working with most firms to overcome this
issue before it became public domain, although he did say that 15% of Fortune
500 companies have done nothing and a further 15% are yet to do something.

Much more depth on what Dan Kaminsky has been
saying can be found at Venturebeat.com amongst others.