Your ISP’s DNS Server May Be Poisoned!
Security researcher Dan Kaminsky discovered a vulnerability in the Internet’s Domain Name System. The DNS System allows the translation of names like www.apple.com into IP Addresses such as 172.133.1.231 that the Internet can route.
This vulnerability that Kaminsky found is present in ALL Domain Name Servers, from Microsoft’s version, to Cisco’s, to even the Linux BIND Server. What this means, is that the whole Internet is affected and a savvy attacker could use this to his advantage by poisoning the DNS Cache and then rerouting email traffic, hijacking domains and spoofing websites.
Currently, the design flaw in DNS is so fundamental that no direct-fix or patch is available. However, kaminsky, Paul Vixie (The guy in charge of Linux BIND Servers since 1988) and a team of top DNS experts have released a work-around on July 8th. The work-around makes exploiting this vulnerability much more difficult.
If you are concerned, you can go to http://doxpara.com/ to find out if your DNS Server is vulnerable to Cache Poisoning. And if you’re even more concerned, tell your ISP!
Stay Safe!
[ VIA ComputerWorld ]
