DNS flaw redirects Internet users to wrong websites
MANILA, Philippines -- A flaw in the Internet’s domain name system (DNS), first detected more than a month ago, is affecting Internet service providers (ISPs) and their customers, according to a local security expert.
Security researcher Dan Kaminsky first detected the flaw in early July and discussed it at length at a security conference a month later, although it was thought to have already been exploited by hackers.
The problem concerns the DNS, which translates numerical IP addresses into Web addresses (URL) familiar to users. By typing in that address, such as www.inquirer.net, users do not have to wrangle with memorizing numerical IP addresses to input into their browsers.
Experts fear that the flaw is now being exploited in such a way that a user who enters a legitimate address may be redirected to a different site or worse, a bogus mirror site that's actually designed to gather sensitive information such as passwords and credit card numbers.
INQUIRER.net has received feedback from readers calling attention to local Web addresses that have been redirected instead to different sites.
Joey Santos, CEO of local security services provider NetX Technology Solutions, reported that at least two local banks have encountered possible DNS-related problems, in particular email containing suspicious links to their respective websites.
"It could be isolated cases involving some of their employees. But nonetheless these banks are investigating it," Santos told INQUIRER.net via telephone.
Reports about the DNS flaw also advise Internet service providers (ISPs) to protect mail servers and ensure they are accessing protected (or patched) DNS servers.
Local ISPs and service providers could not be reached for comment as of this writing.
The problem is, ISPs usually do not hold themselves accountable when it comes to security cases such as this, which are presumably out of their control, according to Santos.
"Their SLAs (service level agreements) only cover connectivity and the usual issue (for the user) is speed," Santos said. "In the US, it is a bigger deal because customers pay a premium for added security services from their ISPs."
Major technology companies including Microsoft and Cisco have reportedly convened and are issuing appropriate patches to their products specific to this DNS problem. Security and anti-virus company Trend Micro has also blogged about this "DNS cache poisoning" flaw in July.
In its blog, it pointed out that it was the United States Computer Emergency Response Team that was the first to publish about this vulnerability, detailing the security implications and the vendors possibly affected.
"While this is completely unrelated to any particular malware, there is a rather disconcerting DNS cache-poisoning vulnerability that has surfaced which deserves the attention of any and every organization on the planet which operates their own DNS servers," Paul Ferguson of Trend Micro's Internet Security Intelligence in Advanced Threats Research group wrote as early as July 22.
"The importance of determining if you are vulnerable, and getting the vulnerability fixed quickly, is becoming more important as each day passes. This is due not only to the criticality of the vulnerability, but also due to some of the 'colorful' background in how some of the details have become available surrounding the vulnerability itself," he said.
Users are also advised to go to this website to check if the DNS servers their browsers are using are prone to attacks.
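The online test mentioned above works by observing a resolver's outgoing queries: the patches for this cache-poisoning flaw make a resolver pick a random UDP source port and transaction ID for every query, so a resolver that reuses one port or counts its IDs upward is still exposed. The following is an added illustration of that check, not code from the article or from any vendor's test; it runs over constructed sample observations rather than live traffic, and the thresholds (8 distinct ports, 1024-port span) are assumptions chosen for the illustration.

```python
"""Classify a resolver's outgoing DNS queries as patched-looking (randomised
source ports and transaction IDs) or unpatched-looking (fixed port, predictable
IDs). Samples are constructed (port, txid) pairs, as a packet capture would
report them for each outgoing query; no network traffic is generated."""


def build_query(txid: int, name: str) -> bytes:
    """Construct a minimal DNS query for an A record (header + question)."""
    header = txid.to_bytes(2, "big") + bytes([0x01, 0x00]) + b"\x00\x01" + b"\x00" * 6
    qname = b"".join(len(l).to_bytes(1, "big") + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + b"\x00\x01" + b"\x00\x01"  # QTYPE=A, QCLASS=IN


def txid_from_query(packet: bytes) -> int:
    """The 16-bit transaction ID is the first two bytes of the DNS header."""
    if len(packet) < 12:
        raise ValueError("DNS header is 12 bytes")
    return int.from_bytes(packet[:2], "big")


def assess_resolver(samples, min_distinct_ports=8, min_port_span=1024):
    """Return a report on how predictable the observed queries are.
    Thresholds are assumptions for this illustration, not values from the article."""
    if len(samples) < 2:
        raise ValueError("need at least two observed queries")
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    # A fixed stride between successive IDs (e.g. a +1 counter) means an attacker
    # can guess the next ID; randomised IDs produce varying strides.
    strides = {(b - a) & 0xFFFF for a, b in zip(txids, txids[1:])}
    report = {
        "distinct_ports": len(set(ports)),
        "port_span": max(ports) - min(ports),
        "predictable_txid": len(strides) == 1,
    }
    report["likely_unpatched"] = (
        report["distinct_ports"] < min(len(samples), min_distinct_ports)
        or report["port_span"] < min_port_span
        or report["predictable_txid"]
    )
    return report


# Constructed samples: an unpatched resolver (one port, counting IDs) and a
# patched one (ports and IDs spread out; generated deterministically here).
UNPATCHED = [(32768, 0x1000 + i) for i in range(20)]
PATCHED = [(1024 + (i * 3271) % 64000, (i * i * 40503 + 17) % 65536) for i in range(20)]

if __name__ == "__main__":
    for label, obs in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        print(label, assess_resolver(obs))
```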
ISPs should get sued if one of their customers gets scammed as a result of the ISP not patching their servers =)