quick primer:
DNS is what lets you resolve names like www.yahoo.com to an ip address so you can actually browse to it (or ftp to it). When you go to forums.clankiller.com, a DNS server actually translates that.
There is a hack out now that allows someone to maliciously poison the DNS cache. Bascially, if you put in clankiller.com it comes back as 65.254.250.106. Someone malicious could make it come back with something completely different. Thus, instead of going to clankiller.com, you could end up at ilovetosuckgoats.com instead.
Or, instead of going to your bank site, you could go to a site that looks exactly like your bank site but actually just takes your username and password and gives it to someone in Russia.
So, anyway, the exploit was released today, so anyone and their mother can now perform this hack, assuming you know how to read. Since it's the DNS server that gets jacked with, there's nothing you can do about it directly. Your ISP has to patch their DNS server. Have they?
http://www.doxpara.com/
In the right bar there's a button to see if your DNS server is vulnerable. If it is, you can change your DNS server to use OpenDNS instead of your ISP.
http://opendns.com/
So, you've been warned. Statistics: Posted by Satis — Thu Jul 24, 2008 7:28 am
]]>