World wide DNS flaw
Jul 14th, 2008 by knutee
On Tuesday, a major patch was released to fix a flaw in DNS that could potentially give hackers total control of the internet. The vulnerability was found 6 months ago by Dan Kaminsky of IOActive.
For those who don’t know: DNS is what converts the URL you type into an IP address on the internet. It’s structured as a hierarchy, starting with the root domain. When you type knutee.net into your address bar, a query is sent to your DNS server, which in turn asks its parent DNS server and so on, until it reaches a server that knows about my site and its IP. This IP is then returned to your computer and you connect to it. The problem with this technique, as I wrote about in my DNSSEC paper, is that this data can be corrupted. One way is to intercept the query and send a fake answer back to the host, directing your browser to a different server. The other way (there are more, but I’m keeping it simple here) is to “infect” the real DNS server with the wrong data, which then spreads this fake address to other hosts.
The vulnerability in question was a DNS cache poisoning attack. You can read more about this type of attack here.
Because Dan did not present the details of the attack, large parts of the security community attacked him, claiming that his findings were most likely old and that he was just using them to hype his own status. After some pressure, he finally gave the information to Thomas Ptacek and Dino Dai Zovi. Turns out he had the goods, and the apologies started to appear. The rest of us will have to wait a bit longer until the details are released.
Note
Yes, I’m aware I’m quite late with this “news”, but I’m in the process of moving so updates are slow.