Description:
The much-discussed vulnerability in the Internet's Domain Name System is out -- and so are exploits that take advantage of it.
The flaw's founder, Dan Kaminsky of IoActive, held a Webcast today in which he gave details on his findings, and revealed that attacks have been developed to exploit it.
"Guys, we're in a lot of trouble," Kaminsky said in the Webcast. "We're still going to have the Internet, but it's not necessarily going to be the Internet we thought."
Kaminsky explained that there is a means to systematically break through the DNS hierarchy and "win the race" to guess the transaction ID of a Web query. Exploits could enable attackers to take control of Internet queries, effectively hijacking Web sessions and routing them to an unintended host.