DNS opens networks to data attacks
The security hack essentially uses data transferred by domain name service (DNS) servers to hide additional information in the network communications. DNS servers act as the white pages of the Internet, invisibly transforming easy-to-remember domain names--such as www.cnet.com--into the numerical network addresses used by computers. Moreover, corporate security measures, such as firewalls, tend to ignore DNS data because they assume it's harmless, said Dan Kaminsky, a security researcher for telecommunications firm Avaya and a speaker at the Defcon hacking conference here.
"DNS is everywhere--you cannot communicate over the global Internet without knowing where to go," he said. "No one notices DNS; no one monitors it."
By Robert Lemos at CNET.
[ Read more ]