A few weeks ago, a security analyst named Dan Kaminsky gave a few scant details on a DNS vulnerability. The details had been kept secret since Mr. Kaminsky discovered the problem several months ago, but due to an accidental blog posting, they have been released into the wild and the problem can be easily taken advantage of. DNS stands for Domain Name System and is a critical link in Internet infrastructure. Wikipedia explains DNS:
The Domain Name System (DNS) associates various information with domain names; most importantly, it serves as the “phone book” for the Internet by translating human-readable computer hostnames, e.g. http://www.example.com, into IP addresses, e.g. 220.127.116.11, which networking equipment needs to deliver information.
Four days after the details of the vulnerability were revealed, hackers produced an exploit that takes advantage of unpatched systems. The problem itself involves hackers poisoning the DNS so that it re-routes traffic to a website of their choosing. Let’s say you type in http://www.google.com, and the DNS server your computer uses to find other computers/servers on the Internet has been hacked with this technique. Instead of sending you to Google’s homepage, it might send you to http://www.nigerianmalwareporn.com. I can’t speak for everyone, but that is an experience I would like to avoid.
Up until now, DNS vulnerabilities have been small and not very powerful, but with the release of Kaminsky’s information, hackers are able to launch a powerful attack on a large percentage of DNS servers. In fact, Kaminsky reports that around 52% of DNS servers are still susceptible to attack. Even though ISPs should have pushed out the patch to fix the problem two weeks ago, they are leaving their customers open to attack. Although 52% is a miserable percentage to have weeks after a fix was published, it is far better than 86%, the share of vulnerable servers we saw just days after the fix was released.
You can check for updates on this situation on Dan Kaminsky’s blog. He has a DNS Checking tool that sees if the DNS server that your computer uses has a problem. A July 26th update on his blog reports a few interesting numbers that suggest you are far safer than you might think:
Before the attack: A bad guy has a one in sixty five thousand chance of stealing your Internet connection, but he can only try once every couple of hours.
After the attack: A bad guy has a one in sixty five thousand chance of stealing your Internet connection, and he can try a couple thousand times a second.
After the patch: A bad guy has a one in a couple hundred million, or even a couple billion chance of stealing your Internet connection. He can still try to do so a couple thousand times a second, but it’s going to make a lot of noise.
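The odds in the update quoted above follow from how many values a forged reply has to match: the 16-bit DNS transaction ID alone gives 65,536 possibilities, and the patch multiplies that by the number of UDP source ports the resolver picks from. The Python sketch below is an added example, not code from this post or from Kaminsky's checking tool; the function name, the classification rule and the sample port lists are constructed for illustration.

```python
TXID_SPACE = 2 ** 16  # the DNS transaction ID is a 16-bit field


def assess_source_ports(ports):
    """Classify a resolver's outbound UDP source ports (in the order the
    queries were observed) and estimate how many (port, transaction ID)
    combinations a forged reply would have to match."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    deltas = {b - a for a, b in zip(ports, ports[1:])}
    if deltas == {0}:
        verdict, pool = "fixed", 1          # same port every time
    elif len(deltas) == 1:
        verdict, pool = "sequential", 1     # next port is predictable
    else:
        verdict = "randomized"
        # Rough estimate: treat the observed span as the port pool size.
        pool = max(ports) - min(ports) + 1
    return {
        "verdict": verdict,
        "port_pool": pool,
        "guess_space": pool * TXID_SPACE,
    }


# Constructed samples: source ports seen in 12 consecutive queries.
UNPATCHED = [32768] * 12
INCREMENTING = list(range(1025, 1037))
PATCHED = [49172, 1188, 33721, 60412, 15903, 27844,
           8120, 53001, 41677, 22019, 64990, 3055]

if __name__ == "__main__":
    for name, ports in (("unpatched", UNPATCHED),
                        ("incrementing", INCREMENTING),
                        ("patched", PATCHED)):
        result = assess_source_ports(ports)
        print(f"{name:13} {result['verdict']:10} "
              f"1 in {result['guess_space']:,}")
```

A resolver reported as fixed or sequential offers only the 65,536 transaction IDs as protection and should be patched or replaced; a dozen samples only bound the pool size from below, so collect more queries before trusting a "randomized" verdict.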