Tuesday, July 8, 2008

DNS trouble in the offing

Dan Kaminsky released information today about a rather serious vulnerability in the implementation of DNS on most major platforms.

Microsoft has posted information about it on its site here.

Rich Mogul has an interview with Dan here.

Arthur over at Emergent Chaos has posted here

Why should this concern you? Microsoft is listing it as important rather than serious, but I think they are undervaluing the seriousness of this vulnerability.

Quick overview of DNS for you. DNS is like the yellow pages of the Internet. Computers work better with numbers and people work better with words. When you want to find CNN.com your browser contacts a DNS server to find out what IP address the site resides. This is similar to the physical address associated with a business in the yellow pages. Think of the IP address as directions to that particular business. A typical IP addres looks like this The first set of numbers (refered to as an octet) is essentially the city in which the business resides. The second set of numbers is the neartest major street to the business. The third set of numbers is the street of the business and the final set of numbers is the street address of the business.
What DNS does is allow you to type in the name of the site you want to go to and have all of the "travel information" for your destination be given to you.
Now imagine someone sets about printing yellow pages with incorrect information that will bring them profit. So rather than going to the real CNN.com ( your DNS server has been given spoofed information to send you to a malicious website at

If you manage DNS servers, you should patch them as soon as possible. If you don't, you may want to make sure whoever does manage your DNS has patched their systems.

Be safe out there,

(Edit) - as of 2:15 PM CDT Microsoft does not appear to have released the patch for this vulnerability.

(Edit 2) appears that the patch is showing up as 2 different Knowledge Base articles: kb951746 and kb951748