Critical DNS Vulnerability Addressed

Various vendors have banded together to fix a critical DNS cache poisoning vulnerability.  The vulnerability was discovered by Dan Kaminsky six months ago and can enable criminals to conduct phishing scams by altering DNS records for legitimate sites to point to their phishing sites.  The Register has a good article on it and SiliconRepulbic.Com also cover it.  Details of the problem are available from US-CERT and The Internet Storm Center.

Dan Kaminsky’s own Blog goes into more detail on the issue and has an online checker so you can see if your DNS server is impacted.

Finally it is interesting to note that in other countries the response to this has been coordinated by their respective CERTs to ensure ISPs and others are aware of the issue and addressing it.  It will be interesting to see if the Irish Internet space can respond appropriately without our own CERT.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.