Computer Science Canada DNS Vulnerability |
Author: | Dan [ Sat Jul 26, 2008 9:23 pm ] |
Post subject: | DNS Vulnerability |
This month a new DNS cache poisoning vulnerability was found that could affect most DNS, including those used by most ISPs. The application of this vulnerability is that the attacker could change the record of any domain name to any IP or site they like, unknown to the user. This record would then be stored in the cache of the DNS server until its TTL runs out and would be spread to any other DNS that tries to do a lookup from it.

This means that an attacker could change rbc.com (or any bank) to their own fake site and get bank information from all of an unpatched ISP's customers that use online banking without the user knowing. (In theory even the security certs would say the site is valid). Also an attacker could replace the domain name for a popular download or update site (like Windows Update or Firefox) and have the user download any code they like and have it run. The effects of this hole could be massive.

Luckily there is already a fix out there and MOST ISPs have applied them to their DNS. Unfortunately there are a few that have not (they have had since July 8th) and this means all of the customers are massively vulnerable and is why I am posting this.

With some help from the IRC channel #compsci.ca (Nick, Timmy, StealthArcher, rdrake, Unforgiven, Bored, wtd), #operations (dcraig) and tony we have so far found that:

* Bell Sympatico: Most Patched (some only using port randomization)
* Rogers: NOT PATCHED, UNSECURE!!!
* caltech (USA/school): Patched
* Comcast (USA): Patched
* Cogeco: Using port randomization (mostly safe)
* nac.net (Hosting Company): Using port randomization (mostly safe)
* Shaw: Using port randomization (mostly safe)
* U of W (school): Using port randomization (mostly safe)

You can check your own DNS here: http://www.doxpara.com/?p=1176

Post if you have a different ISP or result.

Sources:
* http://www.nytimes.com/idg/IDG_852573C4006938800025748F007863C4.html
* http://beezari.livejournal.com/141796.html

PS. If you are on Rogers or an insecure DNS you should immediately change to a patched/secure DNS such as OpenDNS and tell your ISP. |
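The results in the post above sort resolvers by whether they use port randomization. As an added example that is not part of the original thread, this Python sketch classifies a sample of UDP source ports observed on one resolver's outgoing queries; the function name, labels, thresholds and sample ports are all constructed assumptions.

```python
import math
import statistics

# Constructed samples: source ports seen on six consecutive queries.
FIXED = [32771] * 6
SEQUENTIAL = [1025, 1026, 1027, 1028, 1029, 1030]
NARROW = [5000, 5012, 5003, 5040, 5021, 5007]
RANDOMIZED = [41822, 10277, 60311, 2954, 33480, 51906]


def assess_source_ports(ports):
    """Classify how predictable a resolver's query source ports are.

    The labels and the 300-port spread threshold are assumptions
    chosen for this example, not values from any published tool.
    """
    if len(ports) < 5:
        raise ValueError("need at least 5 observed queries")
    distinct = len(set(ports))
    # Step between consecutive ports, with 16-bit wrap-around.
    deltas = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    spread = statistics.pstdev(ports)
    if distinct == 1:
        verdict = "fixed port"
    elif len(deltas) == 1:
        verdict = "predictable sequence"
    elif spread < 300:
        verdict = "narrow range"
    else:
        verdict = "randomized"
    # Unpredictability the port adds to each query, as a lower bound
    # from this sample; fixed or sequential ports add none.
    predictable = verdict in ("fixed port", "predictable sequence")
    port_bits = 0.0 if predictable else round(math.log2(distinct), 1)
    return {"verdict": verdict, "distinct": distinct,
            "stdev": round(spread, 1), "port_bits": port_bits}


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("narrow", NARROW), ("randomized", RANDOMIZED)]:
        print(name, assess_source_ports(sample))
```

A real check needs far more than six queries; a larger sample raises the `port_bits` lower bound and makes the spread estimate meaningful.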
Author: | Dan [ Sat Jul 26, 2008 9:32 pm ] |
Post subject: | RE:DNS Vulnerability |
Some safe DNS IPs:

Bell:
207.164.234.193
207.164.234.129
206.47.244.15 (only using port randomization)

caltech:
131.215.254.100
131.215.9.49 (not tested but should be safe)
131.215.139.100 (not tested but should be safe)

OpenDNS (has ads and other stuff):
208.67.222.222
208.67.220.220

Comcast:
68.87.77.132

Cogeco:
24.226.10.19 (only using port randomization)

Shaw:
64.59.144.16 (only using port randomization)

U of W:
129.97.128.10 (only using port randomization) |
Author: | michaelp [ Sun Jul 27, 2008 10:19 am ] |
Post subject: | RE:DNS Vulnerability |
Phew, I'm with Bell. |