Posted: 09th Jul, 2008 By: MarkJ
UPDATE: Microsoft's MS08-037 DNS patch has apparently crippled users of the popular ZoneAlarm Firewall - forum post. ZA is recommending that people uninstall the patch until it has a fix.
It's just been revealed that the Internet's Domain Name System (DNS), which is responsible for translating Internet Protocol (IP) addresses into human readable form (e.g. "87.106.71.228" becomes "ispreview.co.uk") and vice versa, has had a serious underlying security flaw for several months.
The flaw, which could allow hackers to redirect your browsing activity to fake webpages and thus make phishing attacks even easier, was first discovered at the start of this year by security expert Dan Kaminsky (blog):
"It's not good, this class of attack is known as cache poisoning and basically an attacker can go ahead and impersonate large chunks of the web or large chunks of the internet to a random user," warned Kaminsky.
Kaminsky subsequently began informing all of the major firms and DNS management systems, including Microsoft, Cisco, Sun and BIND, about the flaw. Since then they and Kaminsky have been working in secret to develop and roll out a multi-vendor patch to solve the problem across all platforms, which finally went live yesterday evening.
Part of the reason for all the secrecy is to avoid hackers being made aware of the fault before it could be fixed, which would have made the Internet incredibly vulnerable. Happily there have been no reported incidents of this particular flaw being exploited and precise details are likely to be kept under wraps until August.
The delay in disseminating information about the flaw is designed to give the patch some breathing room for deployment. Meanwhile the patch has also been made difficult to reverse engineer, thus hindering hackers' ability to discover the fault before the patch can be fully deployed.
Internet users need not be too concerned about the problem, although people should always be vigilant. To that end, Kaminsky has made a DNS check available on his blog that allows you to test whether your connection / network may be vulnerable.