Serious DNS related security problem tackled

Posted by Attila Gárdos | 7/09/2008

This morning I switched on my laptop and a Microsoft security update wanted to start… I let it run (When your computer is on and connected to the Internet, the most current security updates are automatically downloaded and installed.) Among the downloaded updates, one was especially important: MS08-037, which addresses a vulnerability in the Domain Name System (DNS) – as I learned from different articles in my recent RSS “box”.

According to the BBC, computer experts have released software to tackle a major security glitch in the internet addressing system. The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they typed the correct address into a browser.

Security expert Dan Kaminsky said that the case was unprecedented, but added: "People should be concerned but they should not be panicking." He discovered the error in the Domain Name System (DNS) about six months ago. Dan Kaminsky is the Director of Penetration Testing for IOActive. Previously of Cisco and Avaya, Dan has been operating professionally in the security space since 1999.



According to a CERT* document, deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks. The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of Internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. DNS cache poisoning is not a new concept; in fact, there are published articles that describe a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning.

An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.

* The CERT® Program is part of the Software Engineering Institute (SEI), a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. The CERT Program develops and promotes the use of appropriate technology and systems management practices to resist attacks on networked systems, to limit damage, and to ensure continuity of critical services.


If you are interested in this issue, you can download the 22-page CERT Advisory document at Securosis.com.


Read the entire BBC article!
