Dan Kaminsky Reveals DNS Flaw At Black Hat

More than 80 technology vendors launched an unprecedented campaign to fix a flaw in widely distributed DNS software that could allow a form of attack called DNS cache poisoning.
During his presentation, Kaminsky revealed that 70% of the Fortune 500 have patched, 15% have tried to patch but had issues with NAT (Network Address Translation), and 15% haven't done anything.

"We did kinda good here," said Kaminsky.

At a news conference after his presentation, Kaminsky said the response went far beyond what he had expected. Nonetheless, there's still work to do.

Cybe criminals, meanwhile, have started exploiting the DNS vulnerability. Late last month, according to security researcher HD Moore, an AT&T Internet Services DNS cache server was altered to replace the cached entry for with a Web page that served advertisements using an iframe. Though the server has since been fixed and the attack wasn't particularly malicious, it's clear that concern about Kaminsky's DNS flaw is warranted.

At the news conference, Kaminsky said that there have probably been far more such incidents. But he said that those affected tend not to want to say anything.

"We need to stop assuming the network is as friendly as it is," said Kaminsky. "...Every network is a hostile network."

Kaminsky said if there was one thing he could ask for, it would be securing e-mail. "E-mail has the highest sensitive-information-to-total-lack-of-encryption ratio to anything else that we use," said Kaminsky. "If there's one change that I ask for, can we start looking into securing e-mail between companies? ... We are just addicted to sending sensitive information across the Internet insecurely."

The slides from Kaminsky's presentation, which explain the technical aspects of the DNS attack, are now available on his Web site,