Massive Internet Flaw :: DNS cache corruption?
by Colin on Jul.09, 2008, under General
Big news today about a large security hole that affects the backbone of the Internet: DNS. The Domain Name System, or DNS, is basically what translates readable names like colinharrington.net to their corresponding IP addresses. It is a cornerstone of just about everything that we do on the Internet. This news is larger than the Debian OpenSSL fiasco that I blogged about earlier.
I first came across this when I read this article which was posted to Digg.com.
When I first logged into Ubuntu, I was notified that there were very important security updates by the bright red warning icon in the GNOME panel. I was quite happy not to have annoying balloon pop-ups or tricky log-out buttons that hijack the computer to automatically install important updates. The Ubuntu security updates notified me that I needed to update bind9-host, dnsutils, libbind9, among others.
We have known that DNS poisoning was an issue, but recent findings combining multiple attack vectors revealed a gaping security hole. It was interesting to note that this ‘bug’ was a design decision and had to be patched across the board. I guess design bugs can be quite hairy since they are baked into everyone’s implementation. All major vendors have to patch this hole due to the design nature of this bug.
According to the initial article, the details of the attack will be revealed in 30 days "at the Black Hat security conference in Las Vegas". It is very interesting to note the current DNS issues that have made headlines recently. Apparently ICANN itself had lost its own domain name, according to this story care of MSNBC. According to that article, icann.com and iana.com were both hijacked. This sounds more like proof-of-concept work to me.
I am not an expert in this area, but from the bit that I do know, the possibilities are scary: naming authorities being compromised, man-in-the-middle attacks, etc. What if someone were to gain control of major certificate authorities like VeriSign? It is a little scary to think about what someone could accomplish unknown to the user. Online banking, corporate communications, secure service bus communications: what if these could be spoofed into being sent to the wrong place, or *through* the wrong place?
This could very well make it into our history books. I guess we will know more in 30 days.
Here is some extra reading on the subject:
- http://www.us-cert.gov/cas/techalerts/TA08-190B.html
- http://latimesblogs.latimes.com/technology/2008/07/major-computer.html
- http://www.doxpara.com/
- http://www.kb.cert.org/vuls/id/800113
- http://digg.com/security/Massive_Internet_security_flaw_uncovered
- http://www.hackaday.com/2008/07/08/major-dns-issue-causes-multivendor-patch-day/
The initial article ended with these words: "This is about the integrity of the Web, this is about the integrity of e-mail," Kaminsky said. "It’s more, but I can’t talk about how much more." which sounds very similar to Rusty Ryan’s line in Ocean’s Twelve "Look, it’s not in my nature to be mysterious. But I can’t talk about it and I can’t talk about why."
2 Comments for this entry
December 4th, 2008 on 9:01 pm
Here is an interesting article on what went down from a ‘hind-sight’ perspective.
http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky
June 29th, 2009 on 5:32 pm
The info you’ve given is spot on, believe me, I’ve been doing my research and your info is some of the best out there.