Blogs

Cyber Vulnerability Remains 5 Years After Discovery

02.04.13

In 2008 a major flaw was discovered in the Domain Name System (DNS) which regulates traffic on the Internet. Network World reported that as a result it is “possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing.” 

Dan Kaminsky discovered this DNS vulnerability as a security researcher in 2008 and reported his discovery widely, and although apparently most of the Internet security world including the US government and CERTagreed with the DNS vulnerability apparently 5 years later few major companies have deployed DNS Security Extensions (DNSSEC ) to alleviate this threat including: 

  • Apple,
  • Cisco,
  • Google,
  • IBM,
  • Symantec,
  • Fifth Third Bancorp,
  • Bank of America,
  • Cardinal Health,
  • Charles Schwab,
  • Delta Air Lines,
  • Disney,
  • eBay,
  • Target,
  • WellPoint, and
  • Wells Fargo 

A recent survey conducted weekly by the National Institute of Standards and Technology indicates that only 10 out of more than 1,000 U.S. industry websites have fully deployed DNSSEC including: 

  • Comcast,
  • Data Mountain Solutions,
  • Infoblox,                                                                                            
  • PayPal, and
  • Sprint.

Other companies have partial DNSSEC deployments including:

  • Dyncorp,
  • Simon Property Group, and
  • Juniper Networks 

So maybe this is not a big problem since the major companies have failed to deploy DNSSEC, but if we have a cyber disaster with the DNS perhaps those companies will think otherwise.

The publications contained in this site do not constitute legal advice. Legal advice can only be given with knowledge of the client's specific facts. By putting these publications on our website we do not intend to create a lawyer-client relationship with the user. Materials may not reflect the most current legal developments, verdicts or settlements. This information should in no way be taken as an indication of future results.

Search Tips:

You may use the wildcard symbol (*) as a root expander.  A search for "anti*" will find not only "anti", but also "anti-trust", "antique", etc.

Entering two terms together in a search field will behave as though an "OR" is being used.  For example, entering "Antique Motorcars" as a Client Name search will find results with either word in the Client Name.

Operators

AND and OR may be used in a search.  Note: they must be capitalized, e.g., "Project AND Finance." 

The + and - sign operators may be used.  The + sign indicates that the term immediately following is required, while the - sign indicates to omit results that contain that term. E.g., "+real -estate" says results must have "real" but not "estate".

To perform an exact phrase search, surround your search phrase with quotation marks.  For example, "Project Finance".

Searches are not case sensitive.

back to top