In 2008 a major flaw was discovered in the Domain Name System (DNS) which regulates traffic on the Internet. Network World reported that as a result it is “possible for hackers to launch cache poisoning attacks, where traffic is redirected from a legitimate website to a fake one without the website operator or end user knowing.” 

Dan Kaminsky discovered this DNS vulnerability as a security researcher in 2008 and reported his discovery widely, and although apparently most of the Internet security world including the US government and CERTagreed with the DNS vulnerability apparently 5 years later few major companies have deployed DNS Security Extensions (DNSSEC ) to alleviate this threat including: 

  • Apple,
  • Cisco,
  • Google,
  • IBM,
  • Symantec,
  • Fifth Third Bancorp,
  • Bank of America,
  • Cardinal Health,
  • Charles Schwab,
  • Delta Air Lines,
  • Disney,
  • eBay,
  • Target,
  • WellPoint, and
  • Wells Fargo 

A recent survey conducted weekly by the National Institute of Standards and Technology indicates that only 10 out of more than 1,000 U.S. industry websites have fully deployed DNSSEC including: 

  • Comcast,
  • Data Mountain Solutions,
  • Infoblox,                                                                                            
  • PayPal, and
  • Sprint.

Other companies have partial DNSSEC deployments including:

  • Dyncorp,
  • Simon Property Group, and
  • Juniper Networks 

So maybe this is not a big problem since the major companies have failed to deploy DNSSEC, but if we have a cyber disaster with the DNS perhaps those companies will think otherwise.