• On TechRepublic: Five super-secret features in Windows 7
July 24, 2008 10:28 AM PDT

Vulnerable to a DNS cache poisoning at home?

by Robert Vamosi

On Wednesday, an exploit code allowing someone to attack the domain name system (DNS) became available. No one has yet used the code, but the advice is simple: Patch. Now. While most of the burden is on the Domain Name System servers and the various systems that support them, the nature of the flaw is such that desktop clients also need to patch their software as well.

First, to determine whether your DNS system is vulnerable, use either of these tests:

If the test returns a message similar to "Your name server, at 2xx.2xx.1xx.1x, appears vulnerable to DNS Cache Poisoning," then you may need to patch your desktop system.

Windows users
If you automatically apply Microsoft Updates to your Windows computer, you should have received Microsoft Security Bulletin MS08-037; if you don't automatically apply updates, you should click the link and apply this patch ASAP.

ZoneAlarm users
If you use ZoneAlarm, however, make sure you are running the latest release, 7.0.48, before installing MS08-037. There is a known incompatibility with the Microsoft patch and older versions of ZoneAlarm.

Mac or Linux users
If you are running Mac OS or Linux, see this US CERT page for the latest patch details. As of Thursday, Apple has not issued a patch for its Mac OS X operating system.

Still, in the end, protection from any DNS exploit also depends on your upstream ISP providers. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
advertisement
Click here!
Recent posts from Security
Eastern Europeans charged in payment processor hack
A child porn-planting virus: Threat or bad defense?
Microsoft patches critical hole in Windows kernel
Panda's Cloud Antivirus leaves beta behind
Apple plugs holes for domain spoofing, other attacks
Microsoft launches Forefront Protection 2010
'60 Minutes'--Cyberwar: Sabotaging the system
Microsoft to fix holes in Windows, Office
Add a Comment (Log in or register) (7 Comments)
  • prev
  • 1
  • next
by BrianSeattle July 24, 2008 11:50 AM PDT
Robert, can you or someone at CNET call Comcast and crack the whip on them? I called regular support as well as their dedicated security line, and no one there had any idea what I was talking about when I asked about their status on patching their DNS servers.

I can understand if they want to be coy about exactly how far they are in the patching process - perhaps there are still a few unpatched machines - but to feign total ignorance of the issue is absurd, and a little unnerving to me as a customer.

You can find Comcast Security phone number, 888-565-4329, at security.comcast.net > Get Help > Contact Comcast Security.

If they are actually oblivious, it's downright scary. If they are just stonewalling, they need to learn that this is a very bad customer experience when the exploit has been made public.
Reply to this comment
by The_Decider July 25, 2008 1:13 AM PDT
It is easy enough to fix this on your own: www.opendns.com
by ofrmgfo July 25, 2008 8:27 PM PDT
As of 25 July 08 my comcast servers are up to date
by HeartofHistory July 24, 2008 12:13 PM PDT
Brian - if you follow the Dan Kaminsky link above, the text at the bottom of the DNS test box says, "Note: Comcast users should not worry." No reason is given, but the note is there.
Reply to this comment
by Schratboy July 24, 2008 1:07 PM PDT
More BS and bluster regarding the over-hyped vulnerability problem. For CRYING OUT LOUD PEOPLE! There are hundreds of other issues that will take your operations to its knees before even ONE (1) known vulnerability raises its ugly head. The falasy of vulnerability risk is over-sold. Not that these can't do harm, but there are plethora of threats and misuse issues than will impact operations to a greater extent NOW than waiting for an exploit to trigger a flaw.
Reply to this comment
by The_Decider July 25, 2008 1:15 AM PDT
Within a day of ICANN's gTLD announcement, ZDNet reports that a Turkish hacking group has hijacked domain names belonging to IANA and ICANN. Interestingly, only thier "alternative" names were hijacked. For example, ICANN.COM and ICANN.NET were, but ICANN.ORG was not. Similarly, IANA.COM was, but IANA.ORG was not. The same group is apparently responsible for other recent high profile domain hijinks as well.

One thing all of the hijacked names have in common is their registrar, Register.com, which was apparently able to fix the problem within about 20 minutes. Let's hope the parties involved are up-front enough to explain what happened.

https://www.dns-oarc.net/
by cohaver July 25, 2008 8:25 AM PDT
Windows New Desktop Search and Driver update service Faces the Same Problems
Reply to this comment
(7 Comments)
  • prev
  • 1
  • next
advertisement

After 5 years, Firefox faces new challenges

Mozilla helped reshape the Web since releasing Firefox 1.0 five years ago. Now it's got a reawakened Microsoft and Google Chrome to reckon with.

There's a map for that: GPS or smartphone?

Almost every handset comes with mapping software these days, but standalone GPS devices are becoming more affordable than ever.

About Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

Security topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right