update DNS now!
The discussion about Dan Kaminsky's discovery of the DNS vulnerability just took a new twist, and the vulnerability became scarier. Previously it was agreed that we (the internet) had one month to patch our DNS servers. That window shrank to "now" when Matasano leaked the attack details and thus the public knew.
Just one day later, the attack is already implemented in Metasploit.
What does this all mean?
It means that when you thought you were surfing to "www.google.com" (or any other site) you might end up at, let's say, a p0rn site. Or something like that. Or a fake banking site. Not so bad? Well, think about it. Thanks to DNS poisoning, you will end up at the p0rn site every time and not be able to reach Google at all. DNS is fundamental to the internet.
So what to do about it?
- check whether your DNS server is vulnerable (you can also script this with dig +short porttest.dns-oarc.net TXT)
- if it is -> patch! All major DNS server software vendors have released updates.
- Please take the time for it, now! If you know your DNS server is unpatched and you cannot patch it yourself, bug your sysadmin.
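As an added illustration (not part of the original post), here is a small Python helper that does two things related to the check above: it pulls the one-word verdict out of a porttest-style TXT reply, and it rates a sample of the UDP source ports your resolver actually used for outgoing queries, which is what the patches randomize. The TXT reply format, the sample port lists and the GOOD/FAIR/POOR thresholds are this example's own assumptions, not OARC's.

```python
import re
import statistics
from typing import Iterable, Optional, Tuple

# Constructed samples of resolver source ports (not captured from a real host).
FIXED_PORT_SAMPLE = [53] * 20                       # unpatched: always the same port
SEQUENTIAL_SAMPLE = list(range(32768, 32788))       # different ports, but predictable
SPREAD_SAMPLE = [1234, 60000, 32000, 5000, 48000, 17000, 62000, 9000]  # well spread

# Assumed threshold: uniformly random ports over 1024-65535 have a population
# std dev of roughly 18600, so anything below 10000 is treated as suspicious.
GOOD_STDDEV = 10000.0


def parse_porttest_txt(txt: str) -> Optional[str]:
    """Extract a GOOD/FAIR/POOR verdict from a TXT answer such as the one
    returned by 'dig +short porttest.dns-oarc.net TXT'. The exact wording of
    the reply is assumed here; only the verdict keyword is relied upon."""
    match = re.search(r"\b(GOOD|FAIR|POOR)\b", txt)
    return match.group(1) if match else None


def rate_randomness(ports: Iterable[int]) -> Tuple[str, int, float]:
    """Rate how unpredictable a resolver's source ports are.

    Returns (verdict, distinct_ports, population_stddev). A fixed port leaves
    only the 16-bit transaction ID for an attacker to guess, which is the
    weakness the Kaminsky attack exploits; randomizing the port adds roughly
    another 16 bits of entropy per query.
    """
    sample = list(ports)
    if not sample:
        return "UNKNOWN", 0, 0.0
    distinct = len(set(sample))
    stddev = statistics.pstdev(sample) if len(sample) > 1 else 0.0
    if distinct <= 1:
        verdict = "POOR"   # every query from the same port
    elif distinct < len(sample) // 2 or stddev < GOOD_STDDEV:
        verdict = "FAIR"   # some variation, but narrow or repetitive
    else:
        verdict = "GOOD"
    return verdict, distinct, stddev


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED_PORT_SAMPLE),
                         ("sequential", SEQUENTIAL_SAMPLE),
                         ("spread", SPREAD_SAMPLE)]:
        verdict, distinct, sd = rate_randomness(sample)
        print(f"{name:10s} {verdict:5s} distinct={distinct:2d} stddev={sd:8.1f}")
```

To use it on your own resolver, capture the source ports of its outgoing UDP/53 queries for a minute and feed them to rate_randomness; a POOR result with no patch available is exactly the case where you should be bugging your sysadmin.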
(for background on why people found out so quickly, read this