Quote:
Originally Posted by Elspode
It is widely known that DNS vulnerabilities are due to management failures.
|
NY Times discussed this problem and temporary solution almost four month ago in early August in "Leaks in Patch for Web Security Hole ".
Quote:
|
The general risk of such a flaw had been known for some years within the insular Internet technical community. But in the last month security engineers have repeatedly stated that it is only a matter of time before financial organizations and others are attacked by computer criminals seeking to exploit the now-public flaw. One expert says this is happening now.
|
The problem has been known for much longer than anyone cared to admit.
Quote:
The root of the problem lies in the fact that the address system, which was invented in 1983, was not meant for services like electronic banking that require strict verification of identity.
They are relying on infrastructure that was not intended to do what people assume it does,” said Clifford Neuman, director of the Center for Computer Systems Security at the University of Southern California. “What makes this so frustrating is that no one has been listening to what we have been saying for the past 17 years.”
|
A solution still has not been implemented.
Quote:
|
Mr. Mockapetris described the patch that is now being put in place as the equivalent of “playing Russian roulette with a gun that has 100 bullet chambers instead of six.”
|