Network security researcher Dan Kaminsky has had a year to reflect on the impact of the cache poisoning vulnerability he discovered in the Domain Name System (DNS). Kaminsky revealed during last year's Black Hat Briefings a technique that made it relatively easy to exploit the bug and enable an attacker to redirect website requests to malicious sites. In the time since, Kaminsky has become an advocate for improving security in DNS, and ultimately, trust on the Internet. One way to do this is with the widespread use of DNSSEC (DNS Security Extensions), which essentially brings PKI to website requests. In this interview, Kaminsky talks about how the implementation of DNSSEC would enable greater security and trust on the Net and provide a platform for the development of new security products and services.

In the year since you went public with the DNS cache poisoning bug, what do you think the impact has been on awareness of DNS' security issues and the movement to deploy DNSSEC on a wide scale?

Dan Kaminsky: At the time I was amazed and overjoyed everyone came together to fix and address this problem. A year has done nothing to lessen my happiness that things turned out quite well. The real unifying theme culminating in the recent Obama discussion of cybersecurity is that these problems have to be taken so much more seriously, and the only way we're going to be able to dig ourselves out of the hole we're in is to ignore old boundaries, limitations and rules, and say we're all in this together; we're all struggling, and ignoring the problem doesn't make it go away.

DNSSEC is interesting not because it fixes DNS. DNSSEC is interesting because it allows us to start addressing core problems we have on the Internet in a systematic and scalable way. The reality is: Trust is not selling across organizational boundaries. We have lots and lots of systems that allow companies to authenticate their own people, manage and monitor their own people and interact with their own people. In a world where companies only deal with themselves, that's great. We don't live in that world and we haven't for many years.

The link for this article located at Search Security is no longer available.