1. Introduction
The recent vulnerability in DNS (Domain Name System) discovered by Dan Kaminsky created a havoc in the information security field. With lots of speculations and questions revolving around this bug, in this article I will try to explain the attack vector and implications of this vulnerability. At the time of writing this, none apart from Kaminsky knows the actual details of this bug. In this document, I have tried to collect the information from various web sites, security researchers and tried putting all information in more understandable way. Though the information is not available to public, Kaminsky has planned to disclose the details bug during the Blackhat conference.
The nature of the bug is very alarming since it affects every DNS vendors. Since the whole internet runs on DNS, the impact could be huge when this can be exploited.
The way Kaminsky coordinated with all vendors for releasing massive patches is the first time in the history of developing a patch. Engineers from all major DNS vendors met in the Microsoft campus along with Kaminsky to work in patching the bug. The most interesting part of this bug is that, it is not possible to discover the details of the bug by reverse engineering the patch.
So let us try to explore about this bug based on the information available in the internet, as this is the current happening topic in the security domain.
