X
Tech
Home Tech Computing Servers

Expert: SOA vulnerable to DNS security flaw, too

This just in from the Black Hat security confab currently taking place in Las Vegas: Dan Kaminsky, a well-known IT security researcher, disclosed his findings around the Domain Name Server flaw (or DNS cache poisoning vulnerability), and where it can bite. Tim Wilson of Dark Reading reported on Kaminsky's presentation, who said the flaw enables attackers "to exploit the DNS design to quickly guess the transaction ID of an address query and potentially re-route the user to an unexpected domain.
Written by Joe McKendrick, Contributing Writer

This just in from the Black Hat security confab currently taking place in Las Vegas: Dan Kaminsky, a well-known IT security researcher, disclosed his findings around the Domain Name Server flaw (or DNS cache poisoning vulnerability), and where it can bite. Tim Wilson of Dark Reading reported on Kaminsky's presentation, who said the flaw enables attackers "to exploit the DNS design to quickly guess the transaction ID of an address query and potentially re-route the user to an unexpected domain."

(For more details, ZDNet colleague Ryan Nariane provides an interesting behind-the-scenes look at the politics and posturing that took place behind the vulnerability, and ensuing July 8th patch release to help mitigate the threat.)

As Kaminsky put it, there are apparently implications for companies SOA-enabling their applications. As relayed by Tim Wilson, Kaminsky said the problem extends far and wide across the enterprise:

"While most early discussions focused on Web surfing and the potential hijacking of users' browser sessions, Kaminsky today pointed out that DNS address queries are embedded in a wide variety of applications and services that had not entered the conversation previously.

"The Internet is more than just the Web," Kaminsky said. "HTTP is used in more than just the browser."

Most email systems, for example, contain DNS lookup capabilities and even their own name servers, Kaminsky observed. "Email servers are awesome at doing DNS lookups," he said. "They will do a DNS lookup for any reason at all. And your spam filter will not stop this problem."

Many enterprises also believe that their internal DNS environments will not be vulnerable, Kaminsky observed. But many internal environments also work with external DNS servers, and even if they didn't, most internal environments are also connected to DNS servers used by customers or suppliers, he noted.

The DNS flaw can affect any system that uses the Internet, including older applications such as FTP that are still widely used, Kaminsky noted. "Back-end IT systems such as Telnet, SNMP, authentication servers (such as Radius), backup and restoral systems, and even service-oriented architecture (SOA) environments all use DNS, and could be subject to attack via the newly discovered flaw."

Interesting stuff, and a reminder that SOA means security needs to be a holistic enterprise commitment. Especially since organizations will be relying more on services that not only come from other parts of the organization, but from outside the firewall, too. Be sure to practice "Safe SOA..."

Editorial standards
Show Comments

Related

Samsung Galaxy A35 5G home screen on a wooden bench.

Forget the Pixel 8a. This $399 Samsung phone is a force to be reckoned with

Logitech Mevo Core Streaming camera on a tripod on set

I fly 10 times a year. These 5 tech gadgets are lifesavers

GOTRAX 4 electric scooter

This 11-in-1 docking station freed up my cluttered workspace, and it's 40% off