Chris Skinner's blog

Shaping the future of finance

Internet hole worse than everyone thought


Following on from yesterday's post, Dan Kaminsky spoke at the Black Hat
Conference today and said that the hole he had found in the internet had been
worse than feared, saying that "every network is at risk."

The vulnerability is based upon how DNS (Domain Name System) lookups work when
you enter a website name. The website name you enter is sent as a query to the
DNS system, which converts it into the numeric address used to find the
website. With each query, a random transaction number is also generated, so
that when the website claiming to be the right one responds, it also sends back
the random number. In this way, the internet is meant to ensure that your
queries are matched by the right domain destination.

However, there is a limited number of possible random transaction numbers:
65,536 to be exact. Therefore, if you flood the DNS server with requests for a
domain name, you have a good chance of matching the correct number. In other
words, you have a 1 in 65,536 chance if you make one request, but send in a
thousand requests and you have a 1 in 65 chance of getting the correct random
number.
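
The arithmetic above, together with a defender's check for the flood it describes, as an added example that is not from the original post. The log format, function names and sample lines are constructed for illustration and do not match any particular resolver's output.

```python
from collections import defaultdict

ID_SPACE = 65_536  # number of possible transaction numbers quoted above


def match_chance(guesses, id_space=ID_SPACE):
    """Chance that one of `guesses` distinct numbers equals the real one."""
    return min(guesses, id_space) / id_space


def parse(line):
    """Constructed log format: '<Q|R> <name> <txid-hex>' (Q=query, R=response)."""
    kind, name, txid = line.split()
    return kind, name.lower().rstrip("."), int(txid, 16)


def flag_id_guessing(lines, threshold=3):
    """Return {name: count} for names whose outstanding query drew at least
    `threshold` responses carrying the wrong transaction number."""
    pending = {}                  # name -> transaction number of the open query
    mismatches = defaultdict(int)
    for line in lines:
        kind, name, txid = parse(line)
        if kind == "Q":
            pending[name] = txid
        elif name in pending:
            if txid == pending[name]:
                del pending[name]      # matching answer closes the query
            else:
                mismatches[name] += 1  # right name, wrong number: a failed guess
    return {n: c for n, c in mismatches.items() if c >= threshold}


# Constructed sample: one name receives a burst of wrong-number responses
# before a matching one arrives; the other is answered normally.
SAMPLE_LOG = [
    "Q www.example.com 1a2b",
    "R www.example.com 0001",
    "R www.example.com 0002",
    "R www.example.com 0003",
    "R www.example.com 1a2b",
    "Q mail.example.org 77f0",
    "R mail.example.org 77f0",
]

if __name__ == "__main__":
    print(f"1 request:      1 in {1 / match_chance(1):,.0f}")
    print(f"1,000 requests: 1 in {1 / match_chance(1000):.1f}")
    print("flagged:", flag_id_guessing(SAMPLE_LOG))
```

A name that is flagged and then receives a matching response, as in the sample, deserves the closest look, since the matching answer may be one of the guesses rather than the genuine reply.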

For a detailed technical explanation, the Linux Journal provides a pretty good
overview, and I took particular note of this line at the end of their
description: "Dan Kaminsky
has said that he was able to exploit systems in less than 10 seconds. That means
Dan can control your bank account, your email, your ebay account, or anything
else you do online, in a matter of seconds. And you didn't even have to do
anything."

Luckily Dan has been working with most firms to overcome this
issue before it became public knowledge, although he did say that 15% of Fortune
500 companies have done nothing and a further 15% are yet to do something.

Much more depth on what Dan Kaminsky has been
saying can be found at Venturebeat.com amongst others.
