DNS: A terrible thing happened ...

    A practically used hole was discovered in the DNS protocol . Not in any particular client, but in the protocol itself. Moreover, she was known a long time ago, but all the "experts" agreed that "well, in theory, this may be a problem, but in practice it is impossible to use it." But not so long ago, a method for the practical use of “cache poisoning” was invented - and this confused all the cards. It seems that this is yet another test of the Internet’s strength: the “largest synchronized security update in the history of the Internet” is planned, in which dozens of vendors (which is not so scary) and hundreds and thousands of ISPs (and this is already worse) should participate many of them are very careless about updating software on servers).

    Currently, there is not much public information. there isan interview with the person who discovered the vulnerability , there is a site on which you can check whether your computer is using vulnerable DNS or not (in fact, of course, not your DNS will be checked, but the DNS that your proxy server uses).

    There is also some information about the possible consequences: an attacker can force a caching DNS server to consider that any site on the Internet is located anywhere . What prospects for abuse does this open to me, I hope, there is no need to explain (what will happen if your partner’s SMTP server is taught to send your mail not immediately to you, but to the intruder’s site - and from there to you?).

    Dan Kaminsky promised to publish the details at a press conference on August 6th, but it is assumed that by that time (based on the published patches) she will already be known to many (and not all of these people will wear white hats).

    So it goes. Most news sites trumpet that “fundamental vulnerability is closed,” but the first word here is clearly in error. It is not “closed”, but “closed”, and when it is “closed” completely - only God knows.

    PS For those who are in the tank: we are not talking about theoretical studies on the vulnerability of the DNS protocol (they talked about this two years ago). It's about practical usethis perceptibility - and with a probability of success sufficient to make large firms such as Cisco and Microsoft fuss (not to mention Linux vendors).

    PPS I found that they already wrote about this , but since it was a topic link, it seems that no one even wanted to read the article to which the link led. All together amicably spat out comments like “slaughter”, “bullshit”, “practically you can’t use this”, etc., and then calmed down. We’ll definitely find out “Boyan” or “bullshit” only on August 6, but for now, the fact that all the systems I know were urgently updated yesterday or the day before is a sufficient criterion for me. Not “two years ago”, not “a month” ago, but “just the other day”. Did something make a bunch of vendors do this? Or are they all struggling with windmills?

    Also popular now: