Author Topic: A third of all DNS servers still not patched...  (Read 1967 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32824
  • malware fighter
A third of all DNS servers still not patched...
« on: March 18, 2009, 09:09:01 PM »
Hi malware fighters,

A third of all DNS servers on the Internet are still not patched to the notorious DNS leak published some nine months ago by Dan Kamisnsky, listen to this podcast by Dan Kaminsky here:  Listen in on 4 min 30 sec to Dan Kaminsky's interview, the first item of the podcast is in Dutch. To get a better view of the overall situation Dan Kaminsky is going to survey the overall situation (together with other researchers) to see how many users still using non-patched servers,

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline spg SCOTT

  • Massive Poster
  • ****
  • Posts: 4130
  • There is no magic, only lost physics
    • spg SCOTT
Re: A third of all DNS servers still not patched...
« Reply #1 on: March 18, 2009, 09:51:49 PM »
This reminded me of a story I saw last Jan about the very same guy:

(latter part)

One anti-hacker may have saved the internet. Last January, computer consultant Dan Kaminsky, 28, (pictured) - hired by tech companies to find security flaws before hackers - stumbled on to something big. After getting free Wi-Fi at Starbucks by accessing the locked network's domain name system (DNS), he realised there was a serious hole in the protocol.

Like a version of directory enquiries for the internet, DNS directs traffic to the relevant servers when someone looks up a website. Created in 1983, it stores the location of a billion web addresses and routes every piece of internet traffic in the world (translating the www names into internet numbers).

Yet the system was devised in a technologically more innocent age. As such, Kaminsky was able to bypass more recent updates, tricking DNS into accepting fake web pages he supplied for a real Fortune 500 company. When he typed in the company's web address, he was sent to the page he'd just created. In theory, it allowed him to impersonate almost any website, taking over banking sites and re-routing e-mail. He could bring down the internet.

Instead, he decided to contact one of the godfathers of DNS, Paul Vixie. As soon as he heard what Kaminsky had to say, Vixie told him that from then on, they could communicate only by landline, in person or via heavily encrypted e-mail. They had to find a solution before anyone else discovered the flaw.

Vixie assembled the world's leading DNS experts at the Microsoft campus in Seattle last March. They agreed to work secretly on a short-term fix, or patch, against the potential attack and release it simultaneously on July 8 - without any real-world testing. They would have to rush to update servers before hackers worked it out.

But on July 21, details of the flaw were leaked. A week later, a server in Texas was infiltrated using Kaminsky's method and the attacker took over Every time users of that server clicked on Google, they were redirected to a fake site. Network operators scrambled to install the patch and millions were protected.

There was no agreement on a long- term solution, though, and Kaminsky had some ominous words to say at a hacker convention last August. 'There is no saving the internet. There is [only] postponing the inevitable for a little longer.

A slightly ominous thought no?

The older story page (July 2008):

“There is a computer disease that anybody who works with computers knows about. It's a very serious disease and it interferes completely with the work. The trouble with computers is that you 'play' with them!”Richard Feynman