International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Monday, April 21, 2008

Dan Kaminsky, director of Penetration Testing IOActive, Inc., gives a presentation on wildcard and NXDOMAIN redirection services. It discusses typosquatting, DNS ad injection, and provides several examples showing how these phishing trends work. Basically, it is quite possible for non-existent domains to be created validly on any random server, and to be near undetectable. Kaminsky concludes that "even small amounts of failed net neutrality can lead to catastrophic side effects on Internet security" and that "even if everything was 100% SSL, if the ISP could require code on the box, they could still bypass the crypto, and alter the content."

Access Dan Kaminsky's full presentation here.