Dan Kaminsky is master of all that is terrible and wonderful about the Internet's Domain Name Service, a vital piece of Internet infrastructure dating back to 1983, whose criticality and age make it a source of ongoing problems in Internet securityland.
The most recent DNS meltdown is the "glibc DNS bug" (AKA CVE-2015-7547) in which an ancient, lurking bug in a critical software library (Glibc) that is itself both ancient and widespread in its points of contact with software of all description, can be potentially triggered by tricking a remote computer into simply looking up a domain name.
This is very easy to do: computers look up domain names all the time, just to figure out which stuff to ignore as malware. Mail servers look up senders' domains to decide whether they're spoofed; spam filters look up domains inside messages; print servers look up domains to figure out if requests are coming from an authorized machine.
So it's a bug that potentially yields full control over another computer, and you can trigger it by forcing or tricking that computer into looking up a domain name. This is very grave.
Kaminsky drills into some detail about how grave this is, but then it gets really interesting, because although there's a patch for this bug (though how long it will take for all affected computers to apply it is anyone's guess, the last one of these took a decade to be fully remediated), the thing that makes this bug possible is getting worse, not better:
It is unlikely this is the only platform threat, or even the only threat in glibc. With the Internet of Things spreading extraordinarily, perhaps it’s time to be less concerned about being able to spy on every last phone call and more concerned about how we can make sure innovators have better environments to build upon. I’m not merely talking about the rather “frothy” software stacks adorning the Internet of Things, with Bluetooth and custom TCP/IP and so on. I’m talking about maintainability. When we find problems — and we will — can we fix them? This is a problem that took Android too long to start seriously addressing, but they’re not the only ones. A network where devices eventually become existential threats is a network that eventually ceases to exist. What do we do for platforms to guarantee that attack windows close? What do we do for consumers and purchasing agents so they can differentiate that which has a maintenance warranty, and that which does not?
Are there insurance structures that could pay out, when a glibc level patch needs to be rolled out?
There’s a level of maturity that can be brought to the table, and I think should. There are a lot of unanswered questions about the scope of this flaw, and many others, that perhaps neither vendors nor volunteer researchers are in the best position to answer. We can do better building the secure platforms of the future. Let’s start here.
A Skeleton Key of Unknown Strength [Dan Kaminsky]
(via Naked Capitalism)
(Image: Dan Kaminsky, Jason Scott, CC-BY)