The Internet gets a patch, as DNS bug is fixed

Security researcher Dan Kaminsky has discovered a flaw in the DNS protocol that allows attackers to spoof Internet addresses.

Makers of the software used to connect computers on the Internet collectively released software updates Tuesday to patch a serious bug in one of the Internet's underlying protocols, the Domain Name System (DNS).

The bug was discovered "by complete accident," by Dan Kaminsky, a researcher with security vendor IOActive. Kaminsky, a former employee of Cisco Systems, is already well-known for his work in networking.

By sending certain types of queries to DNS servers, the attacker could then redirect victims away from a legitimate Web site -- say, Bofa.com -- to a malicious Web site without the victim realizing it. This type of attack, known as DNS cache poisoning, doesn't affect only the Web. It could be used to redirect all Internet traffic to the hacker's servers.

The bug could be exploited "like a phishing attack without sending you e-mail," said Wolfgang Kandek, chief technical officer with security company Qualys.

Although this flaw does affect some home routers and client DNS software, it is mostly an issue for corporate users and ISPs (Internet service providers) that run the DNS servers used by PCs to find their way around the Internet, Kaminsky said. "Home users should not panic," he said in a Tuesday conference call.

After discovering the bug several months ago, Kaminsky immediately rounded up a group of about 16 security experts responsible for DNS products, who met at Microsoft on March 31 to hammer out a way to fix the problem. "I contacted the other guys and said, 'We have a problem,'" Kaminsky said. "The only way we could do this is if we had a simultaneous release across all platforms."

That massive bug-fix occurred Tuesday when several of the most widely used providers of DNS software released patches. Microsoft, Cisco, Red Hat, Sun Microsystems and the Internet Software Consortium, makers of the most widely used DNS server software, have all updated their software to address the bug.

The Internet Software Consortium's open-source BIND (Berkeley Internet Name Domain) software runs on about 80 per cent of the Internet's DNS servers. For most BIND users, the fix will be a simple upgrade, but for the estimated 15 per cent of BIND users who have not yet moved to the latest version of the software, BIND 9, things might be a little more difficult.

That's because older versions of BIND have some popular features that were changed when BIND 9 was released, according to Joao Damas, senior program manager for the Internet Software Consortium.

Kaminsky's bug has to do with the way DNS clients and servers obtain information from other DNS servers on the Internet. When the DNS software does not know the numerical IP (Internet Protocol) address of a computer, it asks another DNS server for this information. With cache poisoning, the attacker tricks the DNS software into believing that legitimate domains, such as Bofa.com, map to malicious IP addresses.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Robert McMillan

IDG News Service
Show Comments

Brand Post

Bitdefender 2018

Secure and Save before time runs out with Bitdefender Exclusive Clearance Offer! Get Bitdefender Total Security 2018 Now!

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?