The article, titled "PC World's Top 10 Security Nightmares of the Decade", can be found at the following URL: http://bit.ly/7nxeD4 It's worth a read.

There is nothing spectacular about this article. But it is an excellent example of how little experts know about the subjects they are experts on. The author restates common truths. Robert Siciliano tells us the "last decade has seen technological breakthroughs unlike any other". This is true. But Siciliano also reminds us that our technological success has resulted in a tremendous rise in fraud. I completely agree with him. The reason, he argues in his article, is that the "speed of the conveniences technology" provides has "far outpaced the security" measures in place today. Again, very bang on. But this claim could be read as implying that at one time our security outpaced, or was even better than, the available technology. The historical truth is that security has always lagged behind technology. And much of that is due to a lack of education amongst the masses. But the simple truth of it is that much of the insecurity in the Internet is due to a lot of twits who run the Internet and have an interest in maintaining and controlling the status quo.

Mr. Siciliano provides an excellent example of this in his article when he discusses the DNS vulnerability alleged to have been discovered by IOActive researcher Dan Kaminsky. Kaminsky is credited with the identification in 2008 of a DNS vulnerability to various forms of attack, including cache poisoning. This is a false allegation that the press has repeated without any investigation of the facts. Kaminsky never discovered anything; he simply repackaged an existing, well-known problem as his own. Also, the DNS protocol is not vulnerable in itself, nor is it a security risk. The security problem is not in the DNS protocol but in the transport protocol used for DNS transactions. In this case it is the UDP protocol that is vulnerable to attack.
This problem has existed for at least 15 years. I remember it existed in the 1990s when I was commissioned to investigate vulnerabilities in military DNS servers. So the Kaminsky claim that he discovered anything significant is simply untrue. The Kaminsky affair was more a co-ordinated effort to scare business into adopting a protocol that reverse engineers the Internet in an effort to centralize control of the DNS protocol in the root servers operated by the U.S. government through ICANN, its contractor. That protocol, DNSSEC, has been actively marketed as the solution to the Kaminsky cache poisoning problem. DNSSEC addresses the problem by inserting encryption keys into the DNS that establish a chain of trust from domain names to the root servers operated by the U.S. government. This places a significant amount of control in the hands of one government authority. It will also cost business a fortune to adopt. And Internet DNS traffic is also expected to increase exponentially, as every DNS answer must contain encryption key information.

Furthermore, DNSSEC does not actually fix the problem. The issue, as mentioned above, is a problem with the UDP protocol and with verifying that the DNS information your system requested is actually coming from the machine you requested it from. The centralization of DNS encryption keys in the root is a very expensive process that is simply not needed. To fix the UDP problem one only has to ensure that the answers come from the server we are communicating with. Since UDP, unlike the TCP protocol, has no handshaking capabilities, one simply fixes the problem by incorporating a handshaking protocol within UDP and DNS that confirms the server we are getting answers from is the server we originally communicated with. A solution to this problem is available and was developed a few years ago by Dr. Bernstein at the University of Illinois at Chicago.
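To make the UDP problem described above concrete, here is an added illustration that is not part of this post and is not code from DNSSEC or DNSCurve: the acceptance check a plain stub resolver performs on a datagram before treating it as the answer to a query. Because UDP gives the resolver no handshake, all it can do is match what arrives against the query it has outstanding: the source address and port, the 16-bit transaction ID, the echoed question section, and the owner name of each answer record. The server address, names and IP addresses are constructed sample values from the RFC 5737 documentation ranges, and every function name is the example's own.

```python
import struct

# Added example: the acceptance check a stub resolver performs on a UDP
# answer.  Addresses and names below are constructed sample values
# (RFC 5737 documentation ranges); function names are the example's own.

def encode_name(name):
    """Wire-encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def decode_name(buf, off, max_hops=16):
    """Decode the name at buf[off], following RFC 1035 compression pointers.
    Returns (dotted_name, offset just after the name as it appeared in the stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = buf[off]
        if length & 0xC0 == 0xC0:             # 11xxxxxx: pointer to an earlier name
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                 # stream resumes after the 2-byte pointer
            off = struct.unpack("!H", buf[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(buf[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def build_query(txid, qname, qtype=1):
    """Standard recursive query: one question, RD bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1)

def build_response(txid, qname, rdata, qtype=1, ttl=300):
    """Constructed answer: QR|RD|RA set, question echoed, one record whose
    owner name is a compression pointer to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, ttl, len(rdata)) + rdata
    return header + question + answer

def parse_message(buf):
    """Parse header, question and answer sections (authority/additional ignored)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", buf[:12])
    off = 12
    questions = []
    for _ in range(qd):
        name, off = decode_name(buf, off)
        qtype, qclass = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(an):
        name, off = decode_name(buf, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", buf[off:off + 10])
        off += 10
        answers.append((name, rtype, rclass, ttl, buf[off:off + rdlen]))
        off += rdlen
    return {"id": txid, "flags": flags, "questions": questions, "answers": answers}

def validate_response(pending, raw, source):
    """Decide whether a datagram may be taken as the answer to `pending`.
    pending = {"id": txid, "server": (ip, port), "question": (name, type, class)}
    Returns (accepted, reason)."""
    if source != pending["server"]:
        return False, "source address/port is not the server we queried"
    msg = parse_message(raw)
    if msg["id"] != pending["id"]:
        return False, "transaction id matches no outstanding query"
    if not msg["flags"] & 0x8000:
        return False, "QR bit clear: a query, not a response"
    if msg["questions"] != [pending["question"]]:
        return False, "question section differs from what we asked"
    qname = pending["question"][0]
    for name, *_ in msg["answers"]:
        if name != qname:                     # only cache records for the name we asked about
            return False, "answer record for a name we did not ask about"
    return True, "accepted"

def demo():
    """Run the check against one genuine answer and three constructed mismatches."""
    server = ("192.0.2.53", 53)               # constructed resolver address
    txid, qname = 0x1A2B, "example.com."
    pending = {"id": txid, "server": server, "question": (qname, 1, 1)}
    genuine = build_response(txid, qname, bytes([192, 0, 2, 10]))
    return {
        "genuine": validate_response(pending, genuine, server),
        "wrong_source": validate_response(pending, genuine, ("192.0.2.53", 5353)),
        "wrong_id": validate_response(pending, build_response(txid ^ 1, qname, b"\xc0\x00\x02\x0b"), server),
        "wrong_question": validate_response(pending, build_response(txid, "example.net.", b"\xc0\x00\x02\x0b"), server),
    }

if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case:15s} {'accept' if ok else 'reject'}: {why}")
```

Every field this check compares is carried in the clear in the query and can be known or guessed by anyone other than the server, which is exactly the gap the post says a handshake or key exchange inside the UDP/DNS conversation has to close: the resolver has no way to tell, from the datagram alone, that it came from the machine it asked.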
It's called DNSCurve and fixes the problem through a simple key exchange between DNS servers without having to hand over control of the DNS to a central authority.

regards
joe baptista