DNS Vulnerability - Issue or Hype
If you haven’t already heard, the big IT security news over the last few weeks has been the DNS Vulnerability that was outed by Dan Kaminsky, a security researcher at IOActive in Seattle. It’s appeared in most major publications and it was certainly one of the top talks at Black Hat last week in Las Vegas.
For more information on this, see the NY Times article here.
What’s it all about and why is this so important?
The issue is that it affects the heart of the Internet. DNS or Domain Name Service is what makes everything work. It is the thing that makes browsers work and email flow. In very simple terms, DNS converts named domains to IP addresses. It is the human factor of Internet routing.
The issue that Dan Kaminsky exposed, which has actually been known for years, is that with certain DNS servers (BIND), carefully crafted code could be used to “poison” the server and divert legitimate DNS requests to unauthorized servers. What this means is that if you wanted to go to your online banking site and typed in “www.whateveryoursitenameis.com”, a compromised DNS server might take you to another site or even an official-looking replica of your banking site that could be used for fraudulent purposes. Essentially, requests to go to a specific site are “hijacked”.
The issue potentially affects everyone, but it’s up to ISPs to fix it. Why haven’t they fixed it? Well, there are really two main reasons. First, there is no real fix. There’s a patch, but it supposedly slows everything down. In the consumer’s mind, ISPs are measured by speed, not security. To most businesses, slowness is worse than having a potential security issue. The second reason is that some ISPs don’t see the risk as being that high. Their argument is that if it’s known and there have been no exploits, why worry? To most ISPs’ credit, they have taken either direct or indirect steps to protect their customers. However, some have not.
Dan’s talk at Black Hat has pretty much eliminated both the above arguments. In fact it’s been reported that several exploits have now been published and there have been a few actual attacks. This week will prove to be a defining week.
What do you do? Well, Dan Kaminsky has a great resource on his web site that will allow you to determine if your ISP’s DNS is vulnerable. You can find it here. If it is, you can contact your provider and ask what they are doing to protect you.
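A sketch of the kind of check such a tester can run, added here as an example (it is not Kaminsky's tool or code from this post). It assumes you have logged the source port and transaction ID of queries your resolver sent to a name server you control, and it flags either field as guessable when it is static, sequential or narrowly spread. The sample observations and the thresholds are constructed for illustration.

```python
import statistics

# Illustrative thresholds (assumptions, not taken from any published tester).
MIN_STDEV = 3000        # spread expected from a 16-bit random value
MIN_UNIQUE_RATIO = 0.9  # share of samples that must be distinct


def predictability(values):
    """Return the reasons a 16-bit field looks guessable (empty list = fine)."""
    reasons = []
    if len(values) < 2:
        return ["too few samples"]
    if len(set(values)) == 1:
        return ["static"]
    # Same step between every pair of consecutive values means a counter.
    deltas = {(b - a) % 65536 for a, b in zip(values, values[1:])}
    if len(deltas) == 1:
        reasons.append("sequential")
    if len(set(values)) / len(values) < MIN_UNIQUE_RATIO:
        reasons.append("repeats")
    if statistics.pstdev(values) < MIN_STDEV:
        reasons.append("narrow range")
    return reasons


def assess_resolver(samples):
    """samples: list of (source_port, transaction_id) seen from one resolver."""
    findings = {
        "source port": predictability([p for p, _ in samples]),
        "transaction id": predictability([t for _, t in samples]),
    }
    verdict = "POOR" if any(findings.values()) else "GOOD"
    return verdict, findings


# Constructed observations, as a name server you control would log them.
UNPATCHED = [(32768, 0x4A1C), (32768, 0xD203), (32768, 0x0B7F), (32768, 0x91E4),
             (32768, 0x66A0), (32768, 0xF512), (32768, 0x2C39), (32768, 0x8E4D)]
INCREMENTING = [(1025 + i, t) for i, (_, t) in enumerate(UNPATCHED)]
PATCHED = [(51734, 0x4A1C), (10422, 0xD203), (38911, 0x0B7F), (60217, 0x91E4),
           (2841, 0x66A0), (27650, 0xF512), (45108, 0x2C39), (17393, 0x8E4D)]

if __name__ == "__main__":
    for name, data in [("unpatched", UNPATCHED), ("incrementing", INCREMENTING),
                       ("patched", PATCHED)]:
        print(name, *assess_resolver(data))
```

A "POOR" verdict on the source port is the result worth raising with your provider: a resolver that sends every query from the same or a predictable port leaves only the 16-bit transaction ID for a forged answer to match.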