What is the Kaminsky bug?
In the summer of 2008, researcher Dan Kaminsky discovered how flaws in the Internet’s Domain Name System, DNS, can be exploited for an attack. Through the so-called Kaminsky bug an attacker can, by simple means, trick Internet users by temporarily taking over a domain name and redirecting queries to another server.
This method can simplify so-called "phishing", when users believe that they are communicating with for example their online bank, but are actually being tricked into sending sensitive information such as account numbers and passwords to the attacker's server.
The film here shows how an attack is carried out technically. With software that has been upgraded the attack is more difficult to carry out, but is still feasible. The long-term solution is to use the security extensions to DNS called DNSSEC.
