Details of DNS Glitch Slip into the Wild

Six months ago, security expert Dan Kaminsky stumbled upon a flaw so serious and widespread that it could bring the entire internet crashing down — at least for those on the wrong side of the bug. Two weeks ago, he publicly announced the bug, which affects the Domain Name System or DNS, with plans to release details of the exploit itself during the annual Black Hat Briefings in Las Vegas. On Monday, those plans were preempted when a security firm involved in the repairs posted full details of the issue online, making way for exploits to hit the web by Wednesday.

The flaw — for which hackers now have at least two active exploits — allows attackers to trick DNS servers into sending traffic intended for legitimate sites to ones setup by the attacker, and to do so transparently. It has been suggested that the attack would take all of ten seconds. As is usually the case, many researchers and network administrators refused to believe Kaminsky's reports, instead declaring him a glory hound merely rehashing an already discovered exploit. Among those was Thomas Ptacek, founder of the security firm that disclosed the flaw, Matasano — Ptacek later apologized for the premature disclosure, saying the responsible blog post had been written in anticipation of Kaminsky or someone else disclosing the flaw, and was accidentally published.

Regardless of why the details leaked out two weeks early, all parties — especially those who spent their time attacking Kaminsky instead of patching their networks — are sorry now. Anyone out there who hasn't already learned of the glitch and patched their network is encouraged to do so immediately, and individual users would be wise to check that the DNS servers they use have been updated as well. To quote Kaminsky, as everyone is:

“Patch. Today. Now. Yes, stay late.”
Editor's Note: If you don't know if your DNS server is safe or not, a testing tool is available on Kaminsky's site. We are also aware of two DNS providers that have been confirmed as never having been susceptible to the exploit: OpenDNS and PowerDNS. If the vulnerability test shows your DNS server as vulnerable, you may wish to switch to one of those until yours can be patched.
Load Disqus comments