0
PSA: Check your ISP's DNS!
in
Geek
This is geekier than usual, folks, but bear with me. It's important. Check out the links.
Apple Fails to Patch Critical DNS Flaw
Details (Otherwise known as "Why does this matter to ME?"):
Dan Kaminski's Site (This site also has a way for you to check your ISP's vulnerability)
GCN - Government Computer News
Attack code published for DNS Flaw
Vulnerable To A DNS Cache Poisoning at Home?
Web Experts Scrambling To Patch Security Flaw
Overview:
Recently, a significant threat to DNS, the system that translates names you can remember (such as www.doxpara.com) to numbers the Internet can route (66.240.226.139) was discovered, that would **allow malicious people to impersonate almost any website on the Internet**. Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers. To find out if the DNS server you use is vulnerable, go to http://www.doxpara.com/ , and click on 'Check my DNS'.
If your ISP is vulnerable, what to do?
You as an individual, can use OpenDNS (https://www.opendns.com/) to change your DNS server (instructions at: https://www.opendns.com/start ) on your computing devices (computer, router, phone). Then check your status again at: http://www.doxpara.com/ (Check my DNS button).
More info about OpenDNS (and the cost [FREE]) at: http://www.opendns.com/features/overview/
Googling 'recursive name server vulnerability'
It may sound like an Apple problem, because they haven't issued a patch for their server products, but it affects us all because while other manufacturers *have* issued patches, it is up to the individual ISP's, DNS servers, etc. to *install* said patch. And according to my rudimentary searches, at least 50% of recursive name servers are unpatched.
When I'm able to, I'll update this post with live links (I couldn't get my WYSIWYG editor to work, and this is too important to wait on) Done.
"Let's be careful out there!"
Apple Fails to Patch Critical DNS Flaw
Details (Otherwise known as "Why does this matter to ME?"):
Dan Kaminski's Site (This site also has a way for you to check your ISP's vulnerability)
GCN - Government Computer News
Attack code published for DNS Flaw
Vulnerable To A DNS Cache Poisoning at Home?
Web Experts Scrambling To Patch Security Flaw
Overview:
Recently, a significant threat to DNS, the system that translates names you can remember (such as www.doxpara.com) to numbers the Internet can route (66.240.226.139) was discovered, that would **allow malicious people to impersonate almost any website on the Internet**. Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers. To find out if the DNS server you use is vulnerable, go to http://www.doxpara.com/ , and click on 'Check my DNS'.
If your ISP is vulnerable, what to do?
You as an individual, can use OpenDNS (https://www.opendns.com/) to change your DNS server (instructions at: https://www.opendns.com/start ) on your computing devices (computer, router, phone). Then check your status again at: http://www.doxpara.com/ (Check my DNS button).
More info about OpenDNS (and the cost [FREE]) at: http://www.opendns.com/features/overview/
Googling 'recursive name server vulnerability'
It may sound like an Apple problem, because they haven't issued a patch for their server products, but it affects us all because while other manufacturers *have* issued patches, it is up to the individual ISP's, DNS servers, etc. to *install* said patch. And according to my rudimentary searches, at least 50% of recursive name servers are unpatched.
"Let's be careful out there!"