Web Flaw Leaves Personal Info in the Open

Following the release of the patch, Kaminsky took a sort of monthlong vow of silence with the security community, hoping that in that 30-day time period the world's DNS administrators would update their servers with patches and make the Web safe for the world's consumers once again. But within two weeks, when a blogger waxed philosophical on his site about the exact cause of a flaw, Kaminksy was thwarted.

"I put out a request: Give me 30 days. I know it's a huge amount of noise I'm making. Usually when this happens, it means that someone's trying to sell you something ... So people were a little skeptical," he said.

But once Kaminsky got people to realize how big the flaw was, there were "very rapid retractions."

With news of the bug out, security experts are already seeing hacker attacks on DNS servers, particularly on redirects to e-mail sites.

Kaminsky plans to discuss the bug in much more detail at a security conference next week in Las Vegas.

"I'm going to talk about DNS, about how we did this and why we did this so we can work on the next generation of fixes," he said.

What You Can Do

Since most DNS servers are run through an ISP, it is up to your service provider to fix the problem.

"The main people who should be concerned are average consumers like you and me. We go through our ISP DNS server and we might get a wrong answer," said Robert Graham, the CEO of Errata Security, a high-end security consultancy, based in Atlanta. "When we say, go to Google, we might get a wrong answer and go to a hacker's Web site."

AT&T says that it's working on the problem, while Comcast and Verizon say they have already fixed it.

To find out if you are at risk, you can visit Kaminsky's Web site, www.doxpara.com and try his DNS checker. If it says that you're not safe, then call your Internet service provider or use Open DNS as your browser.

Despite Kaminsky's concern, he warns people not to overreact.

"That doesn't mean people should panic. People should be concerned. They should run the testers. They should use Open DNS," he said. "Things are really, really under control."

-- This embed didnt make it to copy for story id = 5489156. -- This embed didnt make it to copy for story id = 5489156. -- This embed didnt make it to copy for story id = 5489156. -- This embed didnt make it to copy for story id = 5489156. -- This embed didnt make it to copy for story id = 5489156.
Page
  • 1
  • |
  • 2
Join the Discussion
You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus
 
You Might Also Like...