DNS Security Flaw Leaked Before Patches Applied
Date: 22 Jul 2008
Category: Technology

The potential breach is in the current implementation of the Domain Name System for Web servers. DNS is essentially a lookup system for Web servers: names of domains, such as newsfactor.com, are translated by DNS servers to static IP addresses, essentially the true location of the site.
Cause and Cure
A flaw in the DNS caching of incoming requests makes the system susceptible to malicious misdirection of Web traffic. If a DNS server does not have an IP address for a requested domain, it asks for this information from another DNS server.
If the clueless DNS server's cache is fooled by malicious information, the user requesting the domain of a legitimate site can be redirected to a spoofed IP address. For example, if a DNS server is fooled into directing legitimate traffic from www.yourbanksite.com to a rogue site, every user hitting the legitimate site would be redirected to the rogue site.
A patch for the flaw was released two weeks ago to corporate and institutional users, but it's unclear how many servers have been fixed and tested. The patch was issued without detailed explanation, but with a strong recommendation to apply it to avoid security breaches. The IOActive Web site includes a link for testing the effectiveness of the patch.
Loose Lips
Speculation circulated around the Internet about what, exactly, Kaminsky discovered. The security researcher was due to make his finding public at the Black Hat hackers' convention in Las Vegas on Aug. 2-7. Kaminsky felt that would give DNS server operators plenty of time to fix...