Breaking DNS and Putting it Together Again (ish)

Last Sunday I read an article in Wired Magazine about Dan Kaminsky, who had discovered a flaw in one of the basic fundamentals of the Internet, the Domain Name System.

The experts watched as Kaminsky opened his laptop and connected the overhead projector. He had created a “weaponized” version of his attack on this vulnerability to demonstrate its power. A mass of data flashed onscreen and told the story. In less than 10 seconds, Kaminsky had compromised a server running BIND 9, Vixie’s DNS routing software, which controls 80 percent of Internet traffic. It was undeniable proof that Kaminsky had the power to take down large swaths of the Internet. 

To be honest, the Internet dodged a bullet with this one. Had this been discovered by someone with less moral character, there would have been a very, very bad day for the world. Then again, we have currently only patched the hole; we bought some time.

