Today, we felt a "disturbance in the Force". The discussion on my Twitter network lead me to the disclosure of this CERT alert. Earlier this year, researcher Dan Kaminsky discovered a basic flaw in the DNS that could allow attackers easily to compromise any name server (also including clients). They have been working together with a large group of vendors on a coordinated patch that was released today. Since it is an issue with the protocol and not the implementation, the issue is multi-vendor. Redhat, Debian, Microsoft, Sun (and possibly others) are all vulnerable.
Here is the executive overview (PDF) to the CERT advisory.
The Network Security Podcast, Episode 111 has an exclusive interview with Dan Kaminsky. Dan's site has a DNS checker tool on the top page but since it was featured on Slashdot, it seems to have been Slashdotted. The tool will enable end users to determine if they are at risk from “upstream” name servers, such as their Internet Service Provider.
For full details, visit:
http://www.kb.cert.org/vuls/id/800113 [cert.org]
So this is a major issue for resolving DNS servers and you should patch as soon as possible. DNS Cache poisening can lead to redirection to malicious sites and especially ISPs should patch ASAP. However there is no need to panic. The details of the exploit are not available for the moment and there is no evidence of malicious activity. But please be proactive.
UPDATE: Should Dan's tool come online again and your provider seems to be vulnerable, you could configure your (home) PC to use openDNS which isn't vulnerable.
UPDATE 2: doxpara.com seems to be up and running again. I tested 2 Belgian ISP's and 1/2 was (still) vulnerable.
(Picture courtesy of obLitered's Photostream)
Tuesday
Warning: details multi vendor DNS cache poisening flaws released (updated)
Subscribe to:
Post Comments (Atom)
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment