Kaminsky to Give More Info on Super-Secret DNS Flaw
Webinar on Thursday sets stage for comment on Halvar Flake's 'guess' on Web-wide vulnerability
Famed reverse-engineering expert Halvar Flake has taken an educated guess about the super-secret, Web-wide security vulnerability that researcher Dan Kaminsky reported earlier this month. (See Vendors Issue Massive Simultaneous Patch for Common Internet Flaw.)
In his blog yesterday, Halvar Flake -- whose real identity is Thomas Dullien, CEO and head of research for German security firm Zynamics -- offered a hypothesis on the Domain Name Server flaw, which spurred an unprecedented multivendor patch.
In just a few paragraphs, Flake suggests a method of spoofing that could allow an attacker to "poison" DNS lookups. Several experts have said they believe the guess is right, and Kaminsky has been quoted as saying that Flake is "close."
Kaminsky has stated that he will not reveal details on the flaw until his Black Hat conference presentation in Las Vegas on Aug. 6. However, Kaminsky will be conducting a preview webinar about the presentation on Thursday, and he will now almost certainly be forced to respond to Flake's speculation, which has spread like wildfire across the Internet.
Kaminsky had asked researchers not to speculate about the vulnerability, citing the need for vendors and users to get their patches into place. But Flake broke the silence yesterday, suggesting that a sufficiently motivated attacker would likely have reverse engineered the problem within about four days.
"We are not buying anybody time," Flake says in his blog. "We are buying people a warm and fuzzy feeling."
— Tim Wilson, Site Editor, Dark Reading
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024