Hackers get hold of critical Internet flaw

[peternap]

What patch?

http://www.breitbart.com/article.php?id=080724230931.2rdnlz0a&show_article=1

nternet security researchers on Thursday warned that hackers have caught on to a "critical" flaw that lets them control traffic on the Internet.

An elite squad of computer industry engineers that labored in secret to solve the problem released a software "patch" two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks.

"We are in a lot of trouble," said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.

"This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please. This is a big deal."

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

The vulnerability allows "cache poisoning" attacks that tinker with data stored in computer memory caches that relay Internet traffic to destinations.

[muldoon]

This came out on the 8th and is a big deal in alot of circles.  The patch is for people who run dns servers (not end users).  http://www.kb.cert.org/vuls/id/800113

The cat got out of the bag on the 21st, and most admins are just forwarding to opendns for now until patches can be tested and pushed to production.  The net affect of the exploit being cache poisoning.  Or re-directing you to another website that looks like the one you think your going to.  The address line on your pc will be right but you could be somewhere else.  For most sites, forums and general browsing its no big deal.  for sites requiring a password, anything to do with identity - you need to use ssl.  ssl has not just encryption but also signature ability to validate who your talking with.

Trust is a funny thing on an open network. 

end users should exercise caution about where they type in sensitive information.  theres no patch for them, its infrastructure that needs patching.

[apaknad]

ok, so what do we do? i did not see any solution offered in the article. am i ok because i am signed up for auto updates for windows xp? i am a point and click, one fingered hunter pecker so i am only half computer literate

[glenn kangiser]

Somebody will probably fix it.  It's funny that they try to claim it was just made public knowledge because I read about it around the day it was discovered or shortly after.  I probably read the wrong websites though.

[muldoon]

the exploit in namespace was announced earlier this month.  At that time it was theoretical, the part the just went live is that it is now actively being used in the wild as an exploit.  It's really not a big deal, well it is, but the truth is we have 3 or 4 of these a month usually so it's not anything out of the ordinary.  I'm a little surprised it is making such a stir.  Our audit is now clean, were patched here and back on BIND services. 

Again, there is nothing for you guys to do to your PC's at home.  This is something your ISP will fix on their side. 

[muldoon]

For anyone interested, there is a tool to check if you are affected by this. 

http://entropy.dns-oarc.net/test/