DNS vulnerability What is it? How does it affect me? What can I do about it? Are you concerned about the possibility of having your banking details hijacked on the internet? Are you confident that when you click “submit” your login details go where they should?

You may have read headlines about “DNS vulnerability” but a problem which might seem to have to do with web addresses you might think of as being unimportant.

Since the beginning of July, technology and general media have been reporting an important security flaw in the internet’s Domain Name System. This became a burning issue once Dan Kaminsky, director of penetration testing for IOActive, revealed first that there was vulnerability and second what this entailed.

Simply put, a domain name is a user-friendly shortcut for the real internet address of a web site. DNS servers store the mapping between these user-friendly shortcuts and the real addresses (the IP address). http://208.77.188.166/ for example is the real name of http://example.org/. Because of the scale and distribution of the internet, these mappings are often stored for a limited time in a cache instead of checking every time a site is requested in order to improve efficiency.

Security flaws in DNS caches are very dangerous because by changing the mapping between the domain name and the real address they can lure people to malicious sites. This would be the same as if you stopped your car to ask for directions and were directed to a criminal’s lair instead of your intended destination. It is through this cache that the unscrupulous could divert your traffic to steal your login details to a bank, for example, without you being aware that you have been diverted to another site than the one you requested.

Although patches have been made available to ISPs, it is still being reported that some major players including AT&T, BT, Time Warner and Bell Canada have not applied them, leaving their customers defenseless against attacks. It has also been reported that changes of this kind may take up to a month.

There are a number of possible actions that you can take to protect yourself. Here are a couple of suggestions:

First, check whether your ISP is vulnerable. To do this, go to www.doxpara.com and click on "Check my DNS". This will give you an immediate status report.
 
Second, you can route your internet traffic through OpenDNS (www.opendns.com) which is an example of a service which gives you some added security by translating the name you type into the right address on the net. This service is free and requires no download of software, just the changing of settings on your computer or router. Full explanations are given on their site.

Further reading:

Details of the issue:

• Dan Kaminsky’s blog
  http://www.doxpara.com/
• Kaminsky's DNS Issue Accidentally Leaked?
  http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html

Related Articles:

• World's biggest ISPs drag feet on critical DNS patch
  http://www.theregister.co.uk/2008/07/25/isps_slow_to_patch/
• Exploit code for Kaminsky DNS bug goes wild
  http://www.theregister.co.uk/2008/07/24/dns_exploit_goes_wild/
• Kaminsky (finally) provides DNS flaw details: http://news.cnet.com/8301-1009_3-9998906-83.html?part=rss&subj=news&tag=2547-1009_3-0-20