Luis Sayago July 28 2008 10:52:17 AM
The news is out, and now the hacker "community" has released code to exploit a bug in DNS servers around the world. Simply put, DNS is a protocol, hosted on servers everywhere, that translates an easy-to-remember URL or domain into an IP address (ex. blog.akademoslatam.com -> 66.208.112.35). The flaw was discovered by researcher Dan Kaminsky, and although he withheld details of the exploit to allow vendors to issue patches and service providers to patch, these were leaked, so the hackers out there already know what to do.
Although topics like exploits, DNS, and IP addresses are best left to the more technical people and the Internet Security community, I thought it was prudent to mention it and explain it in less technical terms because it can impact virtually anyone around the world.
What all this means to you is that if your Internet Provider (ISP) or Network Admin has not patched (fixed) their DNS servers, and an attacker finds out and exploits this vulnerability, they can change the DNS response sent to you. For example, if you want to go to your bank's web site, say www.bankofamerica.com, and the attackers have changed that record (address) at your provider's DNS server, then instead of going to the Bank of America servers you are directed to a malicious server that is impersonating the real bank's web site. At this point you are looking at a web site that looks the same as the Bank of America web site but really isn't. The danger here is that you will probably enter personal account information, like your username and password, without knowing it is being received at the other end by some person who will use that information for less than legitimate purposes. Email delivery can also be compromised, but we won't go into that as it would most likely fall into the admin's jurisdiction.
Since the attack's purpose is to redirect requests and information to a bad guy, the end result of this attack is close to a phishing attempt. The only problem is that we can usually identify phishing attempts by looking at the actual link information or the URL bar in our browsers before entering any information. In this case it is harder to detect, since the URL information is actually good, www.bankofamerica.com, but the site is not legitimate.
What can you do to protect yourself? While most of the work is, and should be, done by the Network Engineers and System Administrators out there, it always helps if the end-user is aware of this problem and keeps an eye out for things that are out of place or suspicious when they visit any web site. Most bank web sites nowadays have a mechanism where they show you a familiar picture or phrase that you need to recognize as valid before entering your account information. This prevents you from entering your information into fake sites since, in theory, the malicious server won't know this type of code, so if you don't see it you should not enter your information.