p2pnet news view | Security:- “Recently, a significant threat to DNS, the system that translates names you can remember (such as www.doxpara.com) to numbers the Internet can route (66.240.226.139) was discovered, that would allow malicious people to impersonate almost any website on the Internet,” says Dan Kaminsky on DoxPara Research.

“Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers.”

Kaminsky includes an on-line application which lets readers immediately see if they’re in any danger.

“Your name server, at xxxx, appears to be safe,” it told p2pnet, but, “make sure the ports listed below aren’t following an obvious pattern.”

They weren’t.

“In the last few weeks we’ve seen two very different approaches to the full disclosure of security flaws in large-scale computer systems,” says Bill Thompson.

“Problems in the domain name system have been kept quiet long enough for vendors to find and fix their software, while details of how to hack Transport for London’s Oyster card will soon be available to anyone with a laptop computer and a desire to break the law.”

And, weeks after ISPs were warned of a “critical defect” in the Net’s address lookup systems, major ISPs such as AT&T, BT, Time Warner and Bell Canada, “have yet to install a patch inoculating their subscribers against attacks,” says The Register.

According to its informal survey of readers, “15 ISPs failed Kaminsky’s ‘Check my DNS’ test, it says, adding:

“Subscribers of ISPs that are still vulnerable ought to hardwire an alternate DNS server into their operating system. We’re partial to OpenDNS. They’ve been vulnerability free since at least July 8, when Kaminsky announced the bug.

“Other ISPs that were reported vulnerable include: Skybroadband, Carphone Warehouse Broadband, Opal Telecom, T-Mobile, Videotron Telecom, Roadrunner, Orange, Enventis Telecom, Earthlink, Griffin Internet and Jazztel. Demon Internet was reported as potentially being vulnerable.”

[The clip of Kaminsky on the right is from Simon Willison’s Flickr page.]

. .Stumble It!

DoxPara Research - Details, July 24, 2008
Bill Thompson -Unpatched DNS? Stop now! Fix your systems!, July 25, 2008
The Register -World’s biggest ISPs drag feet on critical DNS patch, July 25, 2008

---

Use free p2pnet newsfeeds for your site. It’s really easy!

Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php

---

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.

This entry was posted on Friday, July 25th, 2008 at 11:04 am and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 4018 times