Critical security flaw discovered in the DNS system
July 25, 2008
Less than one day after a security company accidentally posted details of a critical security flaw in the Internet's DNS (Domain Name System), potential hackers are saying that software that exploits this hole is sure to pop up real soon.
The author of one widely used hacking tool said he expected to have an exploit by the end of the day yesterday. HD Moore, author of the Metasploit penetration testing software said that the attack code was not going to be very difficult to write.
Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity.
His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."
The security hole, a variation on what's known as a cache poisoning attack, was announced on two weeks ago by IO-Active researcher Dan Kaminsky, who planned to disclose full details of the bug during a presentation at the Black Hat conference the first week of August.
That plan was thwarted Monday, when someone at Matasano accidentally posted details of the flaw ahead of schedule. Matasano quickly removed the post and apologized for its mistake, but it was already too late. Details of the security hole soon spread throughout the Internet.
The attack can be used to redirect victims to malicious Web servers by targeting the DNS servers as signposts for all of the Internet's traffic. By tricking an Internet service provider's servers into accepting bad information, attackers could redirect that company's customers to malicious Web sites without their knowledge.
Although a software fix is now available for most users of DNS software, it can take time for these updates to trickle through all the various testing processes and actually get them installed on all the networks.
"Most people haven't patched their systems as of yet," Vixie said. "That's a huge problem for the Internet community."
Just how big of a problem this represents is a matter of some debate.
Neal Krawetz, owner of computer security consultancy Hacker Factor Solutions, took a look at DNS servers run by major ISPs earlier this week and found that more than fifty percent of them were still vulnerable to the attack.
"I find it dumbfounding that the largest ISPs are still identified as vulnerable," he wrote in a blog posting. "When potential hackers learn of the exploit, they will go playing... They are certain to start with the easiest at first: large companies that are vulnerable and support a huge number of users."
Most Internet service providers will have probably applied the patch by the time any attacks start to surface in a few weeks, and that will protect the vast majority of home users, said Russ Cooper, a senior information security analyst with Verizon. And business users who use secure DNS-proxying software will also be "pretty much protected" from the attack at their firewall, Cooper said.
He expects that users will see attacks within weeks, starting first with test attacks, and possibly even a widespread domain hijacking. "Finally will be the phishers, malware writers and organized attackers," he wrote in a Tuesday e-mail interview. "I really expect these to be very focused attacks."
"If anyone actually tries to exploit this, the actual number of victims will end up being extremely small," he predicted. "This is a bug we'll be worrying about a year from now," he said.
HD Moore said he didn't exactly see things that way. Because the flaw affects nearly all of the DNS software being used on the Internet, he said that there could be lots of problems ahead.
Source: IT Direction.
Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as