"More than a decade after serious holes were discovered in the
internet's address lookup system, end users remain vulnerable to
so-called domain name system cache poisoning, a security researcher has
warned.
Developers of the software that handles DNS lookups have
scrambled to patch buggy code that could allow the attacks, but not to
the satisfaction of Amit Klein, CTO of security firm Trusteer, who over
the past year has uncovered serious new vulnerabilities in multiple DNS
products.
Last July, he exposed flaws in Berkeley Internet Name Domain
(BIND), the mostly widely used DNS server. The flaws allowed attackers
to predict the pseudo-random number transaction number that the
software uses when providing the numeric IP address of a requested web
page. That, in turn, could allow the attacker to supply a fraudulent
address that leads to a malicious destination.
"I'm not too comfortable with the quality of the solution from
the security and predictability standpoint," Klein said during a
session at last week's RSA security conference in San Francisco."
Article: http://www.theregister.co.uk/2008/04/15/dns_cache_poisoning/
