Liquidmatrix Security Digest

DNS Exploit Is Out Of The Bag

Well, there was a rumble earlier today when Halvar Flake made it known that he had puzzled out Dan Kaminsky’s DNS vulnerability.

From ADD / XOR / ROL:

I know that Dan asked the public researchers to “not speculate publicly” about the vulnerability, in order to buy people time. This is a commendable goal. I respect Dan's viewpoint, but I disagree that this buys anyone time (more on this below). I am fully in agreement with the entire way he handled the vulnerability (e.g. getting the vendors on board, getting the patches made and released, and I understand his decision not to disclose extra information) except the proposed “discussion blackout”.

Next up we saw the good folks over at Matasano jump in with their analysis of the DNS exploit.

From Matasano Chargen:

Pretend for the moment that you know only the basic function of DNS — that it translates WWW.VICTIM.COM into 1.2.3.4. The code that does this is called a resolver. Each time the resolver contacts the DNS to translate names to addresses, it creates a packet called a query. The exchange of packets is called a transaction. Since the number of packets flying about on the internet requires scientific notation to express, you can imagine there has to be some way of not mixing them up.

A rather lengthy explanation ensues and is soon taken offline when Thomas Ptacek realizes that the nature of the post is far too informative.

By then, it was too late. Google had already sunk its teeth in.

Matasano published an apology soon afterward:

We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread.

We dropped the ball here.

Since alerting the Internet earlier in July about the upcoming announcement of his finding, Dan has consistently urged DNS operators to patch their servers. We confirmed the severity of the problem then and, by inadvertently verifying another researcher’s results today, reconfirm it today. This is a serious problem, it merits immediate attention, and the extra attention it’s receiving today may increase the threat. The Internet needs to patch this problem ASAP.

Dan Kaminsky jumped on Twitter shortly after 11 pm to confirm the worst.

Get yer patch on people.
