A number of people have contacted me looking for insight into what risks the recent DNS vulnerability announced by Dan Kaminsky pose to Irish Internet users. In particular what ISPs have patched their systems and which ones have not. As pointed out to me by one person this would be where an Irish CERT would be very useful in coordinating a response to this issue within the Irish Internet space.
I am not privvy to the internal workings of the various ISPs and how effective their patching processes are, however I would hope that it is a rigourous one with the appropriate change control mechanisms in place. So this means that maybe your ISP has not yet been able to roll out the appropriate patch as they could still be testing it. It may mean that your ISP has the patch scheduled for their next maintenance window. Or it may mean your ISP is not aware of the problem or has the technical ability to implement the patch.
If the test shows your ISP’s DNS server is still vulnerable then contact their support people and ask them what the situation is, or alternatively get your account manager into giving you that information. If the responses are not satisfactory then remember you can still use other DNS services such as those provided by OpenDNS.
Remember if this vulnerability is serious enough for all the major vendors to work together in secret to coordinate their efforts to produce, test and release the patch on all the same date, then it is serious enough for you to apply the same patch and your ISP to do likewise.
Also don’t forget to ensure you patch your own DNS servers and apply the Microsoft workstation OS patches as well. We all need to work together to keep the Irish Internet space that bit more secure.
If you want more details on the vulnerability there will be a webinar hosted later today where Dan will discuss it in more details.