Saturday Jan 20
Jul
10/08
‘The’ DNS Issue of 2008
Updated on Thursday, 31 July 2008 09:22
Share

It’s been a day since the public announcement, so by now you’ve probably heard about the DNS issue. The bug was found earlier this year, but the discoverer (Dan Kaminsky) and team worked fervently with leaders of the technology industry to create patches for all platforms before the big announcement. And- kudos to them all for keeping zipped lips until the problem could be contained (despite all the heckling and harassing).

You can find out a little more right now– I’m including some links below for you to read more.

If you don’t know what DNS is or why you care, see the bottom of this post for a little background info.

As for the real deal on disclosure– you’ll have to wait for Black Hat in August. I’ll be there, along with other members of the Security Bloggers Network (a (non-exclusive but highly visible and well-respected) security bloggers channel for Black Hat and RSA). I’m sure you’ll see *plenty* of post-Black Hat blogs, tweets and podcasts recapping the story.

Hear the buzz…

 

What is a DNS Server? DNS are servers throughout the Internet (and inside networks) that resolve domain names (ie www.SecurityUncorked.com) to the IP address of the hosting server. The idea is, if you can trick a DNS server, your request for ESPN.com may just take you to a malicious site where you’ll be immediately infected with a virus, malware or other undesirable creepy Internet-bred monster. They’ve found a bug that could be exploited to do just that.

What do we do? It’s not the end of the world. For now, know that almost all DNS servers need to have a patch installed to protect them from this vulnerability. It’s pretty universal and every manufacturer is on board and offering a patch as of yesterday, July 8th.

# # #