Speaking at the Black Hat security conference in Las Vegas,
security researcher Dan Kaminsky warned that a critical vulnerability in the
internet’s worldwide DNS (Domain Name System) infrastructure is worse than
initially thought.
Kaminsky initially came forward early last month to disclose the existence of a critical
security bug in most of the world’s DNS servers. The bug allows hackers to silently
redirect web surfers to an alternate, possibly malicious, web site when a user’s
web browser queries a poisoned DNS server for the address of a given internet domain,
like www.microsoft.com.
“Every network is at risk,” said Kaminsky, who described the
flaw as one of the biggest internet security holes since 1997.
Kaminsky says the flaw – details of which he had
promised to withhold until later this month, before they were suddenly
leaked and then retracted by bloggers
at security firm Matasano in July – allows far more than simple website
redirection. Since the internet is highly reliant on its DNS infrastructure –
to the point where SSL certificates authenticate against it – the flaw allows
for a staggeringly wide variety of attacks: poisoned DNS entries could allow
hackers to silently redirect attempts to log in to FTP, mail, and Telnet
servers, or fool systems like Windows Update into downloading from servers
under hackers’ control.
“There are a ton of
different paths that lead to doom,” Kaminsky told attendees at his standing-room-only
presentation on Wednesday.
According to Kaminsky, the ISPs of roughly 42 percent of
broadband consumers around the world have patched their DNS servers, and
approximately 70 percent of the world’s Fortune 500 are protected. Of the
remaining 30 percent, roughly half of the companies Kaminsky surveyed
encountered difficulties patching their systems, while the other half has made
little or no effort to fix their systems.
When details of the flaw were released, Kaminsky simply told
server operators to “patch. Today. Now. Yes, stay late.”
Wired’s Threat Level
reports that Kaminsky spent more than an hour running through the variety of
systems that are vulnerable to attack, noting that a hacked DNS server produces
a “domino effect” among linked systems. He is aware of at least fifteen ways
it could be used – but notes that more are likely to turn up the longer it is
studied.
Despite the urgency, however, there have been few reports
of the vulnerability surfacing in the wild. This is despite exploit code
being made available for the widely used
Metasploit Framework, which gives researchers and hackers alike easy
access to a variety of attacks. One such incident, published July 30 on the official
Metasploit blog, notes a successful attempt to poison AT&T’s Austin,
Texas DNS servers to redirect Google surfers to a page that served up hidden
advertisements.
Kaminsky posted a simple test on his website, DoxPara, that allows visitors to determine
whether their DNS servers are vulnerable to attack.
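The DoxPara test the article mentions checks a property the page does not spell out: whether a resolver's outgoing queries leave from a random UDP source port, which the 2008 patches added so that an off-path forger must guess the port as well as the 16-bit transaction ID. The following is an added example, not Kaminsky's or the article's code; it assumes the reader has captured (source port, transaction ID) pairs from their own resolver's upstream queries, and the captures below are constructed.

```python
"""Assess a recursive resolver's source-port randomization from captured
(udp_source_port, dns_transaction_id) pairs of its outgoing queries.
Assumption: the operator captured these on the resolver's upstream side
while a client triggered lookups (e.g. with a packet capture tool)."""
from collections import Counter
import math

# Constructed captures: one resolver still sending from a fixed port 53,
# one whose ports vary per query. Transaction IDs are arbitrary samples.
UNPATCHED_CAPTURE = [
    (53, 0x1F3A), (53, 0x7B2C), (53, 0x04D9), (53, 0xA1E0),
    (53, 0x5C77), (53, 0x9E13), (53, 0x2D48), (53, 0xC0B5),
]
PATCHED_CAPTURE = [
    (41873, 0x1F3A), (58210, 0x7B2C), (33944, 0x04D9), (62501, 0xA1E0),
    (49622, 0x5C77), (35017, 0x9E13), (57398, 0x2D48), (44120, 0xC0B5),
]

def entropy_bits(values):
    """Shannon entropy of the observed values in bits (0 when all identical)."""
    n = len(values)
    return max(0.0, -sum(c / n * math.log2(c / n)
                         for c in Counter(values).values()))

def is_sequential(values):
    """True when each value is the previous one plus one: a predictable counter."""
    return all(b - a == 1 for a, b in zip(values, values[1:]))

def assess_resolver(capture, min_samples=8):
    """Return evidence and a verdict: 'vulnerable' when the source port is
    fixed or counting up (only the 16-bit TXID then protects an answer),
    'patched' when the port varies across queries."""
    if len(capture) < min_samples:
        raise ValueError(f"need at least {min_samples} queries, got {len(capture)}")
    ports = [p for p, _ in capture]
    txids = [t for _, t in capture]
    predictable_port = len(set(ports)) == 1 or is_sequential(ports)
    return {
        "distinct_ports": len(set(ports)),
        "port_entropy_bits": round(entropy_bits(ports), 2),
        "txid_entropy_bits": round(entropy_bits(txids), 2),
        "verdict": "vulnerable" if predictable_port else "patched",
    }

if __name__ == "__main__":
    for name, cap in (("unpatched", UNPATCHED_CAPTURE), ("patched", PATCHED_CAPTURE)):
        print(name, assess_resolver(cap))
```

With only eight samples the entropy figures are a coarse indicator; a fixed or incrementing port is the decisive signal, and a real check should gather more queries before trusting a "patched" verdict.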