Posted: 25th Jul, 2008 By: MarkJ
UPDATE: Removed reference to BT, which patched its servers several weeks back.

Several of the UK's most prominent ISPs have failed to patch a critical Domain Name System (DNS) vulnerability in their networks, which was openly exposed for use by hackers earlier this week. The Internet's DNS is responsible for translating Internet Protocol (IP) addresses into human-readable form (e.g. "87.106.71.228" becomes "ispreview.co.uk") and vice versa.
Sky Broadband, The Carphone Warehouse (Opal Telecom, TalkTalk, AOL), T-Mobile, Orange and Griffin Internet were named in The Register's informal survey of ISP customers. The flaw itself was first publicly disclosed at the start of this month (original news) by security expert Dan Kaminsky, although it had been discovered several months earlier.
Exact details of how to manipulate the flaw were supposed to be kept secret while a global security update was conducted. Unfortunately, the patch was swiftly reverse engineered (hardly surprising) and exploit code revealed.
Kaminsky had already set up a simple DNS Checker application on his blog, which allowed ordinary surfers to detect whether or not their ISP's DNS servers were patched. Sadly the providers listed above failed this test, suggesting that their customers could now be extremely vulnerable to the exploit.
The vulnerability itself could allow hackers to redirect your browsing activity to fake webpages and thus make phishing attacks even easier. Typically it can take time for larger networks to deploy the update, although it's probably fair to say that time is something they no longer have the luxury of.
Those using the free OpenDNS system to replace their ISP's own primary and secondary DNS servers need not worry. If your provider is vulnerable then it may be a good interim solution: http://www.opendns.org