
Ryan Naraine spotted an article describing how a Chinese ISP's DNS servers got poisoned because they were not patched. Their customers were redirected to a site which would launch exploits for known vulnerabilities in RealNetworks’ RealPlayer, Adobe Flash Player and Microsoft Snapshot Viewer. Read the full article for some screenshots.
We shouldn't criticize Chinese providers too much, as we still have some vulnerable networks of our own. But it's about time they all got patched (everywhere).
If it appears you are using an unsafe DNS server, switch to OpenDNS. Here are the instructions.
UPDATE: Dan Kaminsky is confirming attacks in this article on CNET. Remember that DNS (MX) records also decide the traffic flow of mail servers. This is why Dan added an additional test on his website to test your mail server's DNS for the patch.
The story has also hit Slashdot.