Don’t be a Victim of DNS Security Holes
Since DNS cache poisoning attacks are far beyond my normal realm of responsibility, it’s hard for me to really talk about the topic. I did make a post about it on my work blog a few days ago, but only because Microsoft released a patch for Windows DNS servers [MS08-037] and Nortel commented on its applicability to Nortel servers in a bulletin.
However, when you digg your news, you find all sorts of interesting things. One thing I found last night was a link to a website talking about the DNS vulnerability found by Dan Kaminsky. The main reason that I make this post now is because Dan did something really useful. He made a little web tool and posted it on his blog, which tests to see if your DNS server is vulnerable to the flaw he discovered.
The picture above came from the results of the website where I first found out about this tool. My results are as follows:

(I included a bit more text above the Check My DNS button than the other poster did.)
If you want to know how secure your ISP’s DNS server is, go to Dan Kaminsky’s website (click the image at the top of the post) and try out his DNS Checker yourself. If your ISP hasn’t patched yet (and some 40% or more of DNS servers haven’t been, according to one statistic I read), then the next time you visit your credit card company or online bank statement, you just might be giving away your username/password to identity thieves.
Of course, if we were all using Perfect Paper Passwords with all of our online banking websites, such a vulnerability wouldn’t be a big issue. You might type in 1-2 password combinations from your PPP crib sheet before realizing that something was amiss, but even so, the thieves wouldn’t have anywhere near enough information (or enough of your PPP password sheet) to hack your online identity.