Bag Open. Cat Out. Internet in danger! OpenDNS to the rescue?

Your ISP may be vulnurable to the Multi-Vendor DNS Issue. Here's how to tell, and a simple fix you can do to protect yourself.

PDP-11/45 lock
Creative Commons License photo cred­it: Jef Poskan­zer

One little secret that your ISP (Inter­net Ser­vice Pro­vider) has likely been involved with is the Inter­net-wide patch­ing of the Multi-vendor DNS Issue.

Simply, this issue could allow mali­cious evil-doers to redir­ect your surf­ing to web­sites that they con­trol, inter­cept­ing import­ant and private inform­a­tion (such as pass­words, bank­ing info, etc).

Fre­quent Black Hat Speak­er Dan Kam­in­sky today announced a massive, multi-vendor issue with DNS that could allow attack­ers to com­prom­ise any name serv­er — cli­ents, too. Kam­in­sky also announced that he had been work­ing for months with a large num­ber of major vendors to cre­ate and coördin­ate today’s release of a patch to deal with the vulnerability.

News of this industry-wide vul­ner­ab­il­ity and the col­lab­or­a­tion (to fix the flaw) was ori­gin­ally sched­uled to be announced at the Black Hat Secur­ity Con­fer­ence in August, but due to the vul­ner­ab­il­ity being pub­lished else­where, the presenter thought it best to release the inform­a­tion so that people can take the appro­pri­ate actions.

What can you do?
Basic­ally, this is a com­plex issue, but it boils down to a simple test and a very simple fix.

The test:
To find out if you are vul­ner­able to this issue, you can use the DNS check­er link on Kam­in­sky’s webpage here (in the upper right corner).

The fix:
If you are vul­nur­able, then you can either A) wait until your ISP fixes their DNS serv­ers, or B) set your own com­puter­’s DNS strings to point to OpenDNS serv­ers.

I highly recom­mend option B. 

The OpenDNS web­site has friendly, easy to imple­ment instruc­tions on con­vert­ing your DNS set­tings and also offer a whole host of addi­tion­al fea­tures your cur­rent ISP may not have:

I’ve writ­ten about OpenDNS before, so feel free to check out these pre­vi­ous art­icles and then help save the Internet.

And if you do test your ISP using Dan’s web page, please post your res­ults in the com­ment sec­tion! I’ll start things off by adding mine.

Tech­nor­ati Tags: , , , , , ,



, , , , ,




Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.