Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Major security weakness patch from Microsoft, Sun, Cisco...

Comments

  • #2
    trout
    Registered Users, Registered Users 2 Posts: 9,980 ✭✭✭trout


    This vuln was discovered three years ago by a SANS student as part of his coursework.
    -> http://isc.sans.org/diary.html?storyid=4693&rss

    It is also the subject of a CERT advisory.

    http://securosis.com/publications/CERT%20Advisory.doc
    http://securosis.com/2008/07/08/dan-...atch-released/

    My read of it is that this is a DNS design issue, and not vendor specific.
    Apparently the vuln, if exploited, could support DNS poisoning, spoofing and MITM attacks, among others.

    My guess ... almost all vendors with DNS offerings will be producing a patch Real Soon Now.
    probe wrote: »
    Microsoft, Sun, Cisco and others released a patch for a major security weakness in the DNS system on Tuesday. You might wish to check that your kit has downloaded the updates…

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=protocols_and_standards&articleId=9107978&taxonomyId=141

    .probe


  • #3
    Get0fix
    Closed Accounts Posts: 90 ✭✭Get0fix


    Interesting read. Seems like the protocol flaw has been kept quiet enough so far. Hopefully it doesn't cause havoc.


  • #4
    trout
    Registered Users, Registered Users 2 Posts: 9,980 ✭✭✭trout


    Good article from The Register on this topic. Excerpt below.

    http://www.theregister.co.uk/2008/07/09/dns_fix_alliance/
    The vulnerability in the domain name system (DNS) - the distributed database that matches a host and domain name with the numerical address of a computer server - could give an attacker the ability to replace the addresses of popular websites with that of a malicious server, said Dan Kaminsky, director of penetration testing for security firm IOActive. Kaminsky found the flaw when he was doing non-security research on the domain name system (DNS) more than six months ago.

    "It is a fundamental issue affecting the design," Kaminsky said. "Because the system is behaving exactly like it is supposed to behave, the same bug will show up in vendor after vendor after vendor. This one bug affected not just Microsoft ... not just Cisco, but everyone."


  • #5
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    You can listen to an interview with the guy who discovered this security flaw (Dan Kaminsky) at:

    http://media.libsyn.com/media/mckeay/nsp-070808-ep111.mp3

    His blog is at: http://www.doxpara.com

    This site incorporates on online DNS checker test tool, to check and see if the DNS server(s) you are using has been patched.

    www.opendns.com has been patched, so if you are using 208.67.222.222 and 208.67.220.220, you should be safe.

    .probe


  • #6
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    Details of this DNS security weakness have leaked out here and there, and Steve Gibson decided to tell the world, in blow by blow detail in his netcast this week, before Dan Kaminsky does his promised disclosure on 6.8.08.

    While he was making the programme, Steve's home in Irvine, CA was hit by an earthquake! ....

    http://earthquake.usgs.gov/eqcenter/recenteqsww/Quakes/ci14383980.php#details

    which threw his library books around the place, (visible to those watching the show live on twitlive.tv on Tuesday). The quake didn't stop steve continuing for over an hour on the topic.

    The bottom line is that there are many unpatched internet servers etc out there, and it is easy to search for the unpatched servers, take them over and route innocent naive morons from all over the world doing their online banking, shopping, etc to your malicious website to get them to give you their credit card number, expiry date, CVV code, name, address, date of birth, mother's maiden name, pet's name, a full list of their email addresses and passwords, and whatever else you might want to ask for.

    One of the simplest ways to protect yourself against incompetent, careless ISPs is to make sure your PC ignores your ISPs DNS server and uses OpenDNS.com's DNS servers - the IP numbers for which are 208.67.222.222 and 208.67.220.220.

    If you want to listen to the blow by blow detail on how DNS works from the birth of the internet onwards and how this exploit takes advantage :
    http://www.podtrac.com/pts/redirect.mp3/aolradio.podcast.aol.com/sn/SN-155.mp3

    .probe


  • Advertisement
  • #7
    probe
    Closed Accounts Posts: 2,055 ✭✭✭probe


    A follow-up on the serious, and still present, DNS protocol flaw.

    How wwW.boArDS.iE might be an even more secure solution!

    http://www.podtrac.com/pts/redirect.mp3/aolradio.podcast.aol.com/sn/SN-157.mp3

    .probe


Advertisement