Major websites at risk as attack code is unleashed

24 Jul 2008

When a flaw in the web’s addressing system was found two weeks ago by security expert, Dan Kaminsky, internet service providers (ISPs) and businesses had been warned to patch this immediately before it was exploited by hackers.

What the security flaw meant was that a hacker could exert cache poisoning, which essentially means that as you type the desired address into your web browser your ISP, if compromised, would not know it was being redirected to a fake site where you could become the victim of a phishing attack.

This saga has taken a turn for the worse after code designed to directly exploit this vulnerability has now been developed following the publishing of details of the flaw, as figured out by reverse engineer, Halvar Flake.

Several hacker sites carrying the malicious code carry this description: “This exploit targets a fairly ubiquitous flaw in DNS implementations, which allows the insertion of malicious DNS records into the cache of the target nameserver.”

This effectively makes the hacking of unsecured servers a virtual free-for-all for hackers in the know.

Security expert, Thomas Ptacek, confirmed the seriousness of the issue on his company Matasano Security’s blog shortly following this: “Since alerting the internet earlier in July about the upcoming announcement of his finding, Dan has consistently urged DNS operators to patch their servers.

“He confirmed the severity of the problem then and, by inadvertently verifying another researcher’s results today, reconfirms it today.

“This is a serious problem which merits immediate attention, and the extra attention it’s receiving today may increase the threat. The internet needs to patch this problem ASAP,” he added.

By Marie Boran