Small ISPs at risk to DNS flaw

Bank immune to DNS poison.

Customers of small Internet Service Providers (ISPs) may be at risk of online fraud, following the industry's lax response to securing against the recently discovered Domain Name System (DNS) cache poisoning flaw.

The flaw was publicly revealed early last month when security vendors including the Internet Systems Consortium (ISC), Cisco, Debian and Microsoft released patches after about six months of quiet collaboration. IOActive researcher Dan Kaminsky discovered the hole in January this year.

Kaminsky alerted the US Computer Emergency Readiness Team (US-CERT) and multiple vendors to the flaw and all agreed to keep mum on the vulnerability until a fix was developed.

The attack can be used as a vector to deliver a variety of payloads to the customers of ISPs with unpatched DNSs, ranging from financial fraud via phishing scams, to infection with malicious applications. Hackers can trick almost any DNS server into associating malicious IP addresses with legitimate domains.

Telstra, Optus, Internode and iiNet have confirmed to Computerworld their DNSs are patched, however, sources reveal many DNS admins have yet to fix the flaw, despite being notified by security researchers, and nagged by concerned ISPs and Web masters.

iiNet network engineer Mark Newton said smaller ISPs may lag behind patching because of the work required to secure their DNSs.

"[DNS patching] has probably slowed down because the procedure effectively requires customer-facing DNS servers to be segregated from the domain-hosting servers," Newton said.

"Most ISPs don't [segregate the servers] because it is cheaper and easier to keep them in one box. There has not been a compelling reason to segregate them until now, which is probably why it is taking some ISPs a long time to secure themselves.

"A hacker could make a fake bank Web site, find a vulnerable resolver, and poison its cache so that customers using that resolver are directed to the fake address instead of the bank Web site."

Commonwealth Bank chief information security officer Sarv Girn said the bank is confident its security processes will protect its customers.

"The bank is aware of situation and we are quite comfortable as we have the tools in place to monitor the situation, which complement our existing capability in both Hawk-I and two factor authentication," Girn said.

"The major IT vendors have also taken appropriate steps by introducing patches to counteract this problem so we will continue to monitor the environment for any anomalies."

A Telstra spokesperson said the company patched its DNSs immediately after a fix was issued.

ISC support engineer Alan Clegg urged DNS administrators to read the organisation's presentation on how to fix the flaw.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Darren Pauli

Computerworld
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?