DNS

The front page of the New York Times today had a story by John Markoff, With Security at Risk, a Push to Patch the Web, about the recent bug in DNS. Being a newspaper, the focus of the story was on news rather than practical advice. In contrast, this Defensive Computing blog focuses on practical advice.

For another introduction to the problem see What you need to know about the latest DNS flaw.

For an online test that tells you if your computer is vulnerable to the DNS flaw see The best test for vulnerability to the DNS flaw. The … Read more

Not only is there is a flaw in the Domain Name System, there is also a flaw in the suggested ways to test whether your computer is vulnerable.

Many articles suggest going to Web site x or y to run vulnerability tests. (I'm guilty of this too.) But the nature of the problem is that you can't trust Web site names.

The fallacy is simple: use a name you can't trust to see if you can trust a name.

As I explained in "What you need to know about the latest DNS flaw," every Web … Read more

Updated 2:50 p.m. PDT with comments from security researcher Rich Mogull.

Three weeks after the disclosure of a serious flaw within the Domain Name System (DNS), Apple has yet to patch its MAC OS X operating system, but the company may be able to look to a third party in defense.

In a posting to an Internet newsgroup on Monday, Paul Vixie of the Internet Systems Consortium (ISC) acknowledged that the Berkeley Internet Name Domain (BIND) DNS Server's recent -P1 releases may be unstable for some users. The BIND DNS Server is used on the vast majority … Read more

In my recent posting, What you need to know about the latest DNS flaw, I suggested using OpenDNS as a defense against the current DNS flaw. OpenDNS provides excellent step by step instructions for modifying the network settings on your computer to use their DNS services.

The only omission in their instructions is the need to make this change for every type of network connection. On a laptop computer, for example, you would need to modify both the network connection for wired Ethernet and also the Wi-Fi network connection. If you use dial-up, that too, needs to be modified.

Chose … Read more

In his first public comments since his Domain Name System (DNS) cache poisoning flaw was made public, Dan Kaminsky said in a conference call on Thursday he doesn't want to parse who said what when. He just wants everyone to understand that they must patch their systems now.

Speaking during the second pre-Black Hat security conference Webinar, Kaminsky, who's director of penetration testing for IOActive, provided the most information to date about the DNS flaw he found earlier this year but only disclosed in public on July 8. DNS is what translates the common name of a Web … Read more

UPDATE: We just learned that the escaped Eddie Davidson, the "spam king," was found dead after having apparently murdered his family. Obviously, we did not know this at the time we recorded our podcast, and we apologize for any insensitivity that could be inferred from our remarks. We will definitely address this horrible turn of events in tomorrow's show.

The recently imprisoned "Spam King" goes straight-up mint jelly and escapes from federal prison (check your barns and garages, Coloradoans), Yahoo Music makes the MSN Music mistake with the benefit of hindsight, and Walt Mossberg slams … Read more

If you've been hearing or reading about the latest DNS (Domain Name System) flaw, you may be confused about how to defend yourself. Think of this as a cheatsheet, it's what you need to know in the fewest words possible.

The flaw is mostly with software on a server computer run by your Internet Service Provider (ISP).* Some ISPs have patched the vulnerable DNS software on their computers, some have not. A recent list is available here. That said, Windows users also need to be sure they are up to date on patches as Microsoft released a recent DNS patch … Read more

On Wednesday, an exploit code allowing someone to attack the domain name system (DNS) became available. No one has yet used the code, but the advice is simple: Patch. Now. While most of the burden is on the Domain Name System servers and the various systems that support them, the nature of the flaw is such that desktop clients also need to patch their software as well.

First, to determine whether your DNS system is vulnerable, use either of these tests:

If the test returns a message similar to "Your name … Read more

As of Wednesday, an exploit code allowing someone to attack the domain name system (DNS) was available in various places on the Internet.

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky's plea … Read more