Giants club together to fix major DNS flaw
Posted on 9 Jul 2008 at 11:55
Large organisations have begun to fix a DNS vulnerability that left millions of internet users open to phishing attacks, after an unprecedented covert effort by several companies to develop a fix.
The vulnerability affected software and hardware from a range of vendors, and theoretically allowed phishers to redirect users to third-party sites, even when they typed the correct URL into their browser.
Dan Kaminsky, the security researcher who first discovered the flaw in the DNS code, explained that "people should be concerned but they should not be panicking," when he spoke to the BBC today.
The flaw was first discovered six months ago, but details were kept quiet while a concerted effort was put into developing a fix. Microsoft, Sun and Cisco, among others, worked together to patch the vulnerability.
"This hasn't been done before and it is a massive undertaking," explained Kaminsky.
"The particular attack, or the methods and the motivation for the attack is nothing new, but I think the technicalities of how this would potentially take place and that it would potentially affect all of DNS is something that's pretty critical," says
Mark Murtagh, product director at security company Websense.
However, with vulnerabilities such as this there should always be failsafe measures put in place, warns Murtagh.
"Even if the infrastructure is compromised then another system should be part of an organisation's information security strategy to ensure that if DNS is compromised and is leading a user to a fraudulent website or even a malicious website that's hosting malware that this other system catches that."
"This particular vulnerability... is really at the infrastructure level where lots of other security measures can layer on top of that to ensure the protection of the employer and the consumer," he explains.
Author: Matthew Sparkes
advertisement
- ATI Radeon HD 5970: 42% more expensive in the UK
- Office 2010 Beta – 32-bit or 64-bit – The Choice is Clear
- Why Britain's watchdogs have fewer teeth than goldfish
- Tabbed documents: how to make Office 2010 great
- Outlook 2010 People Pane – does it spell death to Xobni
- Microsoft Outlook 2010 screenshots
- Co-Authoring in Word 2010 and SharePoint Foundation 2010
- Microsoft Outlook 2010 screenshots: Backstage view
- Flash 10.1: Developing for Desktop and Device
- Microsoft Office 2010 screenshots: Recover unsaved items
- Getting to grips with Microsoft's IT Health Environment Scanner
- Virtualise your servers
- The changing face of travel gadgets
- Build your own distributed file system
- The bulletproof Dell that costs an arm and a leg
- Microsoft Office 2010 Technical Preview: Q&A
- Lawnmowers, the TyTN II and one odd insurance request
- There'll never be a bulletproof OS
- How far can we trust apps?
- Five nice touches in Outlook 2010
advertisement
Printed from www.pcpro.co.uk


