DNS vulnerability could lead users to phishing sites


— 11:14 AM on July 25, 2008

When he discovered a vulnerability in Domain Name System servers about six months ago, IOActive security researcher Dan Kaminsky kept quiet and worked covertly with other security experts to come up with a patch. Kaminsky and his colleagues released the fruit of their labor two weeks ago, and they planned to wait "at least a month" before finally releasing details to the public. However, AFP reports that malicious hackers caught wind of the vulnerability first.

The leak is bad news, because it means some users may no longer be able to trust their Internet service providers to serve them the right sites. For instance, when a user types "www.bankofamerica.com" into his web browser, an unpatched DNS server on the other end of the line could forward him to a malicious phishing page. AFP says attackers may use a technique called cache poisoning to exploit the vulnerability and misconfigure DNS servers.

The news agency quotes Kaminsky as saying, "We are in a lot of trouble." He added, "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch." Concerned users can hit the security researcher's blog for a DNS checker web application that sees whether their DNS servers have the patch installed. Kaminsky's blog also details the vulnerability in layman's terms, for those interested.
