The same technology that allows Web surfers to locate and connect to computers on the Internet can be used to create covert communications channels, bypass security measures and store distributed content, a security researcher said Saturday.
The security hack essentially uses data transferred by domain name service (DNS) servers to hide additional information in the network communications. DNS servers act as the white pages of the Internet, invisibly transforming easy-to-remember domain names--such as www.cnet.com--into the numerical network addresses used by computers. Moreover, corporate security measures, such as firewalls, tend to ignore DNS data because they assume it's harmless, said Dan Kaminsky, a security researcher for telecommunications firm Avaya and a speaker at the Defcon hacking conference.
Academics Enlist in Spam Battle
Watch out spammers. Academic researchers are raring for battle.
On Friday, the inaugural Conference on E-mail and Anti-Spam opened at Microsoft Corp's campus with a decidedly different approach to fighting unwanted e-mail.
Rather than touting products, speakers vetted research from universities and industry laboratories. Their approaches moved far beyond the Bayesian filtering of yesteryear to the use of sequencing techniques from bioinformatics, cryptography and natural language processing to tackle spam.