Day 30: Kaminsky DNS Bug Disclosure

By CircleID Reporter
Day 30: Kaminsky DNS Bug Disclosure

In a highly anticipated presentation, Internet security researcher Dan Kaminsky today gave details of the much talked about Domain Name System (DNS) vulnerability issue which has been intensely covered since it was publicly announced a month ago on Jul 8th. Although original plans entailed keeping the bug details undisclosed for 30 days in order to allow for necessary security patches to be implemented around the world, details of the bug were eventually leaked-and-confirmed 13 days after its public announcement. Even so, just hours ago in jam-packed ballroom during the Black Hat conference, Kaminsky delivered his 100-plus-slide presentation detailing the DNS flaw that, if exploited, could potentially "destroy the Web".

Essentially, as Kaminsky later summarized in his blog post, "DNS servers had a core bug, that allows arbitrary cache poisoning," even behind firewalls. By exploiting this vulnerability, criminals could execute a wide range of attacks including redirecting victims to bogus websites, corrupt email, and compromise password recovery systems.

And on the plus side, Kaminsky pointed out that as a result of excellent collaborative effort within the security community, more than 120 million broadband Internet users (42% of broadband subscribers) are now protected due to patches that have been deployed by various Internet and software companies.

Additionally, 70 percent of Fortune 500 companies are said to have patched their mail servers along with 61 percent of non-mail servers.

In an interview after the presentation, Kaminsky said that although things didn't go perfectly as planned, it went better than he had any right to expect. And that he would do it again if he had to.

DNS Patching in Action

The following video, created by Clarified Networks, shows the mapped visualization of DNS servers around the world as they are patched and secured during the last 30 days. In the video, vulnerable servers appear as red dots and turn green as they are patched.

The Time Line

The following is the timeline of events, as covered by CircleID, from the time the DNS flaw was publicly announced until today, 30 days later when full disclosure of the vulnerability was disclosed.

Jul 08 - Largest Synchronized Internet Security Effort Underway to Patch Newly Found DNS Bug
Jul 09 - An Astonishing Collaboration
Jul 14 - Not a Guessing Game
Jul 21 - DNS Security Flaw Secret Leaked Prior to Set Date: Patch DNS as Fast as Possible
Jul 22 - Just a Matter of Time Before DNS Attack Code Might Surface
Jul 23 - DNS Attack Code Has Been Published
Jul 24 - US-CERT Says They Are Aware of DNS Exploit Code, Emphasizes Urgent Patching
Jul 28 - Possible First Attacks on DNS Flaw Have Been Reported
Jul 30 - DNS Attack Creator Becomes a Victim of His Own Creation
Aug 06 - Kaminsky DNS Bug Disclosure

Related topics: Cybersecurity, DNS, Networks

Comments

Timeline... David A. Ulevitch  –  Aug 06, 2008 10:26 PM PDT

The timeline actually begins back in march when we all met up at MSFT.  I suppose it began when kaminsky found this issue, but resolution started back in march.

RE: Timeline Ali Farshchian  –  Aug 06, 2008 10:51 PM PDT

Correct and just to clarify the timeline start date in the post is actually referring to the start of the 30-day time period which began with a public non-technical press conference on Jul 8th - the mass media news break day.

Kaminsky DNS visualisation originals Jani Kenttälä  –  Aug 07, 2008 1:40 AM PDT

Kaminsky DNS visualization originals and video of passive Kaminsky DNS vulnerability view can be found from:

http://www.clarifiednetworks.com/KaminskyDNS