(Original): http://www.breitbart.com/article.php?id … _article=1
(Archived): http://www.westerfunk.net/archives/secu … et%20flaw/
(Original): http://isc.sans.org/diary.html?storyid=4780
(Archived): http://www.westerfunk.net/archives/secu … ervations/
Most of you will more than likely have no clue about this major flaw unless you read any of the tech headlines. Even then, there really should be no reason why you would know about it, or why it is important to you. But the consequences of this giant hole, if the internet servers are not patched, could potentially be devastating. And I would like to try and explain, to the average user, why this is a not a small problem by any stretch of the imagination. I emphasize the word “try” because I’m attempting to break the language down and make it easier to understand.
The flaw has to do with the internet servers you may have heard of called DNS servers. DNS stands for Domain Name Server. DNS servers function as a hostname to IP address resolver (e.g. www.google.com translating to 64.233.167.104, for arguments’ sake). So instead of looking up Google’s home page using an IP address (64.233.167.104), you enter in a name you can remember and it points to that particular IP address for you (www.google.com). That is a very simple description, but it will suffice to explain the issue at hand.
In comes the flaw: a hole exists within the widely used open source (i.e. free) DNS server software called BIND that allows an attacker to poison its DNS cache to change the hostname from it’s original IP to a different one. You say to me now, “what the … what are you saying?”
Let me try to explain. Whenever you look up www.google.com using your Internet Service Providers’ (ISP’s) DNS servers, that lookup request stays within the DNS server for a specified amount of time so it doesn’t have to keep looking up the IP address over and over again. The lookup request gets “cached” (or saved temporarily) in the servers’ memory. Basically, it makes the look up process much faster for you.
With that said, here’s the vulnerability: because of the hole that must be patched, hackers can currently insert or change www.google.com to point somewhere it was never intended to point. That’s a big problem.
And it only gets worse. A majority of us use the DNS servers provided by our ISP’s (e.g. AT&T, Charter, Verizon, etc.) who themselves use BIND (remember … the DNS server software?) to serve up DNS requests to users. Most of these ISP’s – yes, most – have YET to patch their servers and they remain highly exposed and vulnerable to, well, a massive attack by hackers.
Now here is how the attack would look from the average users’ point of view to, say, a banking site: you look up www.wellsfargo.com, get a page that looks like Wells Fargo’s, using their hostname even (ya know, www.wellsfargo.com). Yet you are pointed to (as an example) a foreign IP address to, oh, say, in Latvia. The fake Wells Fargo site employs the standard phishing tactic of asking you for your personal information to “verify” your identity. You input your information thinking it is your bank’s website. Yet all you are doing is giving your personal information to some hacker in Latvia who can then drain your account and steal your identity ultimately.
In all reality, this is a cyber national security threat, as our core DNS infrastructure remains highly exposed and ultimately could, in a worse-case scenario, hit the economy because of rampant fraud. Don’t think this could happen? Well, it’s likely ISP’s see how big the threat is now and are working vigorously to get their servers patched.
But, nevertheless, we should all take a sober look at what happened to OmniAmerican Bank within the past year (Archived) as an example of how the unforeseeable can happen, because there are people who are smart and determined enough to make it happen – even in a short amount of time.
Leave a Reply