
Internet hole worse than everyone thought

Following on from yesterday’s post, Dan Kaminsky spoke at the Black Hat Conference
today and said that the hole he had found in the internet had been worse than
feared, saying that "every network is at risk."

The vulnerability is based upon how DNS (Domain Name System) lookups work when
you enter a website name. The website name you enter is converted into a numeric
address by querying the DNS system to find the website. With each query, a random
transaction number is also generated, so that when the website claiming to be
the right one responds, it also sends back the random number. In this way, the
internet is meant to ensure that your queries are matched by the right domain
destination.

However, there is a limited number of possible random
transaction numbers: 65,536 to be exact. Therefore, if you flood the DNS server
with requests for a domain name, you have a good chance of reproducing
the correct number. In other words, you have a 1 in 65,536 chance if you
make one request, but send in a thousand requests and you have a 1 in 65 chance
of getting the correct random number.
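
The arithmetic in the paragraph above, worked through as an added example (not part of the original post): it computes the chance that a batch of guesses matches a random 16-bit transaction number, checks the figure by simulation, and shows how many repeated attempts give even odds. The 32-bit case is an assumption added for comparison, standing for a resolver that randomises a further 16 bits per query, to show why a wider identifier space is the defence.

```python
import math
import random
from fractions import Fraction

TXID_BITS = 16  # 2**16 = 65,536 transaction numbers, the figure quoted in the post


def match_probability(guesses, id_bits=TXID_BITS):
    """Chance that one of `guesses` distinct values equals a uniformly random ID."""
    space = 2 ** id_bits
    return Fraction(min(guesses, space), space)


def attempts_for(target, guesses, id_bits=TXID_BITS):
    """Independent attempts (fresh random ID each time) needed before the
    cumulative chance of at least one match reaches `target`."""
    p = float(match_probability(guesses, id_bits))
    if p >= 1.0:  # the guesses cover the whole ID space
        return 1
    return math.ceil(math.log(1 - target) / math.log1p(-p))


def simulate(guesses, trials, id_bits=TXID_BITS, seed=2008):
    """Monte Carlo check of match_probability: draw a secret ID, then test it
    against a randomly placed window of `guesses` distinct candidate IDs."""
    rng = random.Random(seed)
    space = 2 ** id_bits
    hits = 0
    for _ in range(trials):
        secret = rng.randrange(space)
        start = rng.randrange(space)
        if (secret - start) % space < guesses:
            hits += 1
    return hits / trials


if __name__ == "__main__":
    for bits in (16, 32):  # 32 bits is an assumed, wider identifier space
        p = match_probability(1000, bits)
        print(f"{bits}-bit ID: 1 in {float(1 / p):,.0f} per 1,000 guesses; "
              f"{attempts_for(0.5, 1000, bits):,} attempts for even odds")
    print("simulated 16-bit rate:", simulate(1000, 200_000))
```
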

For a detailed technical explanation, the Linux Journal provides a pretty good overview and I
took particular note of this line at the end of their description: "Dan Kaminsky
has said that he was able to exploit systems in less than 10 seconds. That means
Dan can control your bank account, your email, your ebay account, or anything
else you do online, in a matter of seconds. And you didn’t even have to do
anything."

Luckily Dan has been working with most firms to overcome this
issue before it became public knowledge, although he did say that 15% of Fortune
500 companies have done nothing and a further 15% are yet to do something.

Much more depth on what Dan Kaminsky has been
saying can be found at Venturebeat.com amongst others.

About Chris M Skinner

Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News.
