This topic in Science & Technology is about eDisaster Averted.

Jul 9, 2008, 01:17 am   #1
Jack
formerly Isherwood
Location: San Diego, CA
Posts: 13,371
eDisaster Averted

The biggest story to break this week will likely receive little mainstream attention. It may not even interest a great number of people. I mean, it's all so geeky and weird, what do all those strange terms mean?

Even Lou Luddite would agree that like it or not, computers, networks and the internet form a real infrastructure within our society from top to bottom. From bank to boardroom, we depend on the internet and our local networks in the same way we depend on our other utilities; it's just supposed to work. We don't have to reboot the refrigerator (yet), when we turn the tap we expect water. When we open our browser we expect to find the internet, just the way we left it.

Recently our relationship to the internet was threatened not by thieves but by a flaw. An error (found and corrected) could have allowed hackers to cause massive mayhem on anyone using the internet.

Many people were involved in this effort, and I applaud them all.

Quote:
Internet flaw could let hackers take over the Web

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.

Major software and hardware makers worked in secret for months to create a software "patch" released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

"It's a very fundamental issue with how the entire addressing scheme of the Internet works," Securosis analyst Rich Mogull said in a media conference call.

"You'd have the Internet, but it wouldn't be the Internet you expect. (Hackers) would control everything."

The flaw would be a boon for "phishing" cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.

Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.

"People should be concerned but they should not be panicking," Kaminsky said. "We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before."

Kaminsky built a web page, DoxPara Research, where people can find out whether their computers have the DNS vulnerability.
Internet flaw could let hackers take over the Web - Yahoo! News


Radical Atheist
Heathen Queer
Let's agree to respect each others views,
no matter how wrong yours may be.
(Ashleigh Brilliant)
Jul 9, 2008, 01:41 am   #2
Halofan48
Seeking the Unknown
Location: Southern California
Posts: 1,401
NOOOO! Years of planning, Months of preparation, GONE!!! CURSE YOU AND YOUR PATCH!!!



Anyway, interesting article.


Knowledge is power, use it well.

Don't fear the unknown, seek to understand it
Jul 13, 2008, 03:51 pm   #3
LtMisha
Instant Leninist
Location: Leningrad
Posts: 332
Interesting indeed.

Thank something that they've solved it.




You must obey the law, always, not only when they grab you by your special place.
Vladimir Putin
Jul 25, 2008, 04:38 am   #4
loser
Igneous Magma
Location: Ether
Posts: 596
Who has had enough faith to go to that site to test DNS vulnerability? How do we know that it's not a trick? Can we trust anyone named Kaminsky?


My faith is stirred but never shaken.

I'm the proof that evolution works...

You're the proof that it doesn't.


If I had a button, I'd push it!

Can I push yours?
Jul 25, 2008, 09:30 am   #5
Jack
formerly Isherwood
Location: San Diego, CA
Posts: 13,371
Unless you run a DNS server you don't need to visit that site. If you work with internet security you know who Dan Kaminsky is.

An update to this story: the flaw has been exposed prematurely.

Quote:
Researchers at two security companies prematurely leaked details on Monday of a critical Domain Name System (DNS) flaw, which could lead potential attackers to unleash cache poisoning attacks on users' computers.

Details of the DNS flaw were revealed on two separate blog posts before they were set to be publicly disclosed by security researcher Dan Kaminsky at the Black Hat USA 2008 conference during the first week of August.

The DNS error, affecting numerous platforms and vendors, stems from a fundamental flaw in the DNS protocol, a function which provides a back and forth translation of host URLs to IP addresses.

The vulnerability could be exploited by attackers to launch cache poisoning attacks by creating fake messages accepted by the DNS that can trick the server into delivering an incorrect request. Attackers could then use the flaw to redirect Internet traffic to malicious Web sites and install arbitrary code on users' PCs.

Details of the DNS bug were recently exposed to the public when Zynamics.com CEO Thomas Dullien, who goes by the blog pseudonym Halvar Flake, speculated on the details in an extensive blog post.

Following Dullien's posting, researchers at Matasano Security then confirmed Dullien's hypothesis, which was subsequently taken down minutes after being posted on the company's site.

The security flaw was first discovered months ago by Kaminsky, director of penetration testing for IOActive, who had been working with vendors like Microsoft (NSDQ: MSFT) and Cisco (NSDQ: CSCO) to create a patch that resolved the DNS error.

Prior to Monday's disclosure, Kaminsky had asked members of the research community to withhold details of the flaw in order to provide users adequate time to patch their systems. He announced that he planned to reveal details of the vulnerability on Aug. 6 during this year's Black Hat USA conference in Las Vegas.

Matasano Principal Thomas Ptacek later apologized to Kaminsky on the company's blog site for prematurely publishing the flaw.

"It was posted in error. We regret that we ran it. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread," wrote Ptacek. "We dropped the ball here."

Kaminsky's request that the flaw be kept quiet temporarily sparked controversy for some members of the security research community, who maintained that details of the vulnerability should be open to the public as soon as possible.

In his blog post, Dullien argued that keeping details of the flaw under wraps would ultimately do a disservice to the public.

"I am fully in agreement with the entire way (Kaminsky) handled the vulnerability (e.g. getting the vendors on board, getting the patches made and released, and I understand his decision not to disclose extra information) except the proposed 'discussion blackout,'" wrote Dullien. "In a strange way, if nobody speculates publicly, we are pulling wool over the eyes of the general public, and ourselves."

Because details of the flaw have recently been made public, Kaminsky and other security experts recommend that users patch vulnerable systems as soon as possible.
Researchers Prematurely Expose DNS Security Flaw - Security - IT Channel News by CRN and VARBusiness


Jul 29, 2008, 03:22 pm   #6
prejudged_Fire
Hmmmm.......
Location: Auburn, Maine
Posts: 699
Apparently OpenDNS (which I've been using for a while) has already been patched and offers protection against the bug.

DNS: OpenDNS Offers DNS Vulnerability Protection


Please send all complaints, criticism, and/or flames to /dev/null for faster service.
Jul 29, 2008, 03:37 pm   #7
Jack
formerly Isherwood
Location: San Diego, CA
Posts: 13,371
I've been using and recommending OpenDNS for a couple of years. It often decreases page load times, too.

