If you only install one patch this year…

I don’t ordinarily send out these types of things.  (Goes the mantra from your friends who always send you junk.)  It is true, I try not to be reactionary and alarmist.  I try not to rile people up with bug fixes they need to install NOW.  Most bug fixes can wait.  They tend to not be that important.  But, this one is big, or at least it appears to be from what I can tell from www.doxpara.com.

Recently some of the top names of the industry have come together to work on fixing a bug in DNS.  A bug that has apparently been there for a very long time.  It affects many DNS systems across many platforms.  Translation:  It is huge.  The amazing part is that it was found quietly by a security researcher.  All of the biggest names in DNS, including Microsoft, Cisco, Nominum, Neustar and OpenDNS, got together to simultaneously release a bug fix for their platforms.  There is now a patch for all the major DNS systems.  If you are using BIND 8, upgrade; otherwise get to patching your systems ASAP.  It doesn’t appear to be isolated to DNS servers only; they want everyone to patch their PCs as well.

Basically, the vulnerability allows what is called DNS cache poisoning, but on a grander scale than we are accustomed to.  It will allow an attacker to change the location you go to when you type in a domain name.  So, for instance, if you type in blog.logicalorderofchaos.com, you will be sent wherever the hacker (known as a phisher) sends you.  This has been used to trick unsuspecting users into giving up their credit card information and social security numbers.  Imagine if it weren’t some tech guy’s blog, but instead was bankofAmerica.com.  You can see where this could be a problem.

Phishing happens all the time, but usually newer browsers can tell if it is a trick or not based on the way the URL is formed or on domain or IP reputation, and can stop you from going there without warning.  However, this will allow the attacker to change the location you actually end up at when navigating to a trusted domain.  This is bad because many sites use multiple IPs for one domain.  Even if they have a static IP, it isn’t easy to find out what it is supposed to be once the DNS is poisoned.

The short of this is, patch your system.  Patch your system now, today, before the end of the month.  You have to do it, because this could potentially be really, really bad.  End of the world kind of bad, so bad in fact that…

Ok there, I was alarmist.  But for good reason.  So get to it, now!

There is a voluntary ban on speculation as to what exactly the issue is, since they don’t want the bad guys to figure it out before the good guys get to patching their systems.  I will follow up on this in a month or two when we have more information.
