Giants club together to fix major DNS flaw

 

Gallery

By Matthew Sparkes

Posted on 9 Jul 2008 at 11:55

Large organisations have begun to fix a DNS vulnerability that left millions of internet users open to phishing attacks, after an unprecedented covert effort by several companies to develop a fix.

The vulnerability affected software and hardware from a range of vendors, and theoretically allowed phishers to redirect users to third-party sites, even when they typed the correct URL into their browser.

Dan Kaminsky, the security researcher who first discovered the flaw in the DNS code, explained that "people should be concerned but they should not be panicking," when he spoke to the BBC today.

The flaw was first discovered six months ago, but details were kept quiet while a concerted effort was put into developing a fix. Microsoft, Sun and Cisco, among others, worked together to patch the vulnerability.

"This hasn't been done before and it is a massive undertaking," explained Kaminsky.

"The particular attack, or the methods and the motivation for the attack is nothing new, but I think the technicalities of how this would potentially take place and that it would potentially affect all of DNS is something that's pretty critical," says
Mark Murtagh, product director at security company Websense.

However, with vulnerabilities such as this there should always be failsafe measures put in place, warns Murtagh.

"Even if the infrastructure is compromised then another system should be part of an organisation's information security strategy to ensure that if DNS is compromised and is leading a user to a fraudulent website or even a malicious website that's hosting malware that this other system catches that."

"This particular vulnerability... is really at the infrastructure level where lots of other security measures can layer on top of that to ensure the protection of the employer and the consumer," he explains.