The internet security website Matasano accidentally posted on Monday details of a potentially dangerous internet flaw; it was quickly taken down, but not before being found and circulated by hackers, who believe that writing an exploit to attack the bug will be easy and are ready to benefit from it. According to Wired Magazine’s security and privacy blog "Threat Level," "[h]ackers are furiously working on an exploit to attack the vulnerability. HD Moore, creator of the Metasploit hacking tool, says one should be available by the end of the day." The flaw is in the DNS, Domain Name Service, often called the “internet phone book,” which translates URLs from text-based (www.atelier.net, for example) into numerical IP addresses. The exploit makes tying malicious IP addresses to legitimate URLs much easier. Attacks could potentially hijack users to create sites that imitate legit ones, which will download malware to users' computers or steal information entered into a dummy site. This has been called “phishing without
The flaw was discovered by Dan Kaminsky, researcher for IOActive, Inc., and was announced July 8th, when a patch was released. Kaminsky had planned on describing the flaw in August at Black Hat, a major technical security conference.
It is estimated that only about half of DNS servers have been patched. "Most people have not patched yet," said Paul Vixie, president of the Internet Systems Consortium, premier maker of DNS software. "That's a gigantic problem for the world."
News of the leak should hasten patching efforts, but it is expected that we will begin seeing attacks within a few weeks. You can check to see if your DNS is safe at Kaminsky’s site, www.doxpara.com.