Bag Open. Cat Out. Internet in danger! OpenDNS to the rescue?

photo cred­it: Jef Poskan­zer

One little secret that your ISP (Inter­net Ser­vice Pro­vider) has likely been involved with is the Inter­net-wide patch­ing of the Multi-vendor DNS Issue.

Simply, this issue could allow mali­cious evil-doers to redir­ect your surf­ing to web­sites that they con­trol, inter­cept­ing import­ant and private inform­a­tion (such as pass­words, bank­ing info, etc).

Fre­quent Black Hat Speak­er Dan Kam­in­sky today announced a massive, multi-vendor issue with DNS that could allow attack­ers to com­prom­ise any name serv­er — cli­ents, too. Kam­in­sky also announced that he had been work­ing for months with a large num­ber of major vendors to cre­ate and coördin­ate today’s release of a patch to deal with the vulnerability.

News of this industry-wide vul­ner­ab­il­ity and the col­lab­or­a­tion (to fix the flaw) was ori­gin­ally sched­uled to be announced at the Black Hat Secur­ity Con­fer­ence in August, but due to the vul­ner­ab­il­ity being pub­lished else­where, the presenter thought it best to release the inform­a­tion so that people can take the appro­pri­ate actions.

What can you do?
Basic­ally, this is a com­plex issue, but it boils down to a simple test and a very simple fix.

The test:
To find out if you are vul­ner­able to this issue, you can use the DNS check­er link on Kam­in­sky’s webpage here (in the upper right corner).

The fix:
If you are vul­nur­able, then you can either A) wait until your ISP fixes their DNS serv­ers, or B) set your own com­puter­’s DNS strings to point to OpenDNS serv­ers.

I highly recom­mend option B. 

The OpenDNS web­site has friendly, easy to imple­ment instruc­tions on con­vert­ing your DNS set­tings and also offer a whole host of addi­tion­al fea­tures your cur­rent ISP may not have:

Features

• Fea­tures Overview
• Con­tent Filtering
• Adult Site Blocking
• Domain Block­ing
• Domain Whitel­ist
• Phish­ing Protection
• Stat­ist­ics
• OpenDNS Guide
• Cus­tom­iz­a­tion
• Large Cache
• Ultra-Reli­able Network
• Short­cuts

I’ve writ­ten about OpenDNS before, so feel free to check out these pre­vi­ous art­icles and then help save the Internet.

• OpenDNS: Safer, smarter, speedi­er surfing
• One year of OpenDNS

And if you do test your ISP using Dan’s web page, please post your res­ults in the com­ment sec­tion! I’ll start things off by adding mine.

Tech­nor­ati Tags: Black Hat, DNS, OpenDNS, Secur­ity, Flaw, Vul­nur­ab­il­ity, Pri­vacy