- Sunday, 29 November 2009
- INQ Mobile
- RSS
The almighty dollar is the only object of worship - Philadelphia Public Ledger
DNS Bug alive and kicking down under
SECURITY BOFFIN Dan Kamisky made headlines last Tuesday when he disclosed a rather dangerous security bug in the domain name system (DNS) software used around the world and one of the key pieces of the Internet.
This story made headlines worldwide because the bug affects both Open Sauce and commercial, proprietary DNS servers. By using a technique dubbed as "Cache Poisoning" hackers could redirect visitors of any web site name to a rogue server on any other IP address.
Yet, a week later, and while some in the press have reasurred everyone by describing the problem as "fixed" - see for instance Desire Athow's story over here entitled "DNS Flaw That Could Have Killed The Net Is Patched Up"- large ISPs are still happily running vulnerable systems.
Dan Kamisky provides a simple test button at his personal blog where a script on his server checks the vistor's IP address and its DNS server, and then informs if the ISP is running a vulnerable piece of code or if it has hole has been plugged. So we decided to try it.
Here at INQ Lat Am HQ we run two broadband links for redundancy, so we first checked the Spanish juggernaut's local loop monopoly, namely Telefonica's ADSL ISP, dubbed "Speedy", hoping for the worst. Surprisingly, the Spaniards' South American subsidiary has done its job: the DNS servers are immune to the DNS Cache Poisoning bug.
Then, we tested our secondary link: a cable modem from one of the three major ISPs in Buenos Aires city. The result: vulnerable. The sysadmins haven't patched the DNS servers yet.
We were very excited to test other ISPs' DNS servers, but first, Dan Kamisky's web page doesn't offer the option of entering IP addresses of DNS servers. We contacted Kamisky and he told the INQUIRER: "I'm going to mod the script as requested sometime this week."
We also attempted to install and use Tenable's industry-standard security tool, Nessus, but quickly found that the plug-in to detect this "Remote DNS Resolver Uses Non-Random Ports" bug is only available for "Direct Feed" subscribers, that is, paying customers coughing up the required $1,200/yr fee.
Yet, having one out of two ISPs vulnerable doesn't make us very comfortable. Clearly, there's a big difference between a "patched bug" and a "deployed, installed patch". ยต
L'INQs
DNS
Flaw That Could Have Killed The Net Is Patched Up
Internet
bug fix spawns backlash from hackers
DNS
Researcher Convinces Skeptics That Bug Is Serious
Share this:
ShareBusiness Intelligence Software
Customer Relationship Management (CRM)
Enterprise Accounting Software
Enterprise Resource Planning (ERP)
Enterprise Systems Management
i've seen that website give both positive and negative results for a patched server so whilst it may be true that people haven't patched yet, that website is hardly authorative. 
The first image doesn't obscure all instances of the vulnerable servers IP address.
And after applying this patch, it's *still* insecure. So I don't see what all the fuss is about.
Dan might appreciate it if you spelled/spelt his last name properly.
Many users already use Google instead of the url box, just have to see how many user look for MySpace and Facebook. Therefore, there are two resolutions:
1st Google: keyword-> url
2nd DNS: Url -> ip
Maybe Google could provide keyword-> ip resolution. This could not work for website using virtual hosting, but for critical sites like Bank and eBay it might be possible and it could prevent phishing.