[Taskmage]

Apparently, internets are really easy to hax right now.

http://www.npr.org/templates/story/s...oryId=92956413

Quote:

A few months ago, Internet security expert Dan Kaminsky discovered a major problem with the basic wiring of the Internet — one that could easily be exploited by hackers. It has to do with what's known as the domain name system, or DNS.

Kaminsky, who works for the Internet security company IO Active and is a consultant for Microsoft, tells Andrea Seabrook that he stumbled upon the flaw while tinkering with a way to make the Internet faster.

"You want to talk sinking feelings," he says. "This was a bug that was going to take months and month and months of work."

Essentially, the DNS contains a design flaw that could enable hackers to switch the Web site you're directed to when you type a URL into your Web browser. Without your knowledge, you could be transferred to a fake Web site that tries to steal your personal information.

When Kaminsky discovered the problem, he called a secret meeting in March of some of the world's Internet giants — Microsoft, Cisco, Linux — in Redmond, Wash., to come up with a security patch.

Why the big need for secrecy? "We all had something to lose," he says.

To check whether your company or Internet service provider's DNS server has been patched, Kaminsky recommends taking these steps:

Run the DNS server check at DNS Stuff or at Kaminsky's blog.

If the server is vulnerable, Kaminsky suggests e-mailing your ISP or your company's IT department and encouraging them to add a patch. Kaminsky also recommends switching your personal computer to use OpenDNS, a free network service. More information and instructions are available at opendns.com.

"The average consumer shouldn't have to worry about this," he says. "Right now, it's an open question whether the Internet that's being provided is the Internet that's actually what the customer expects."

[Callisto]

Well good thing they went and told everyone about it, just in case there were a few hackers that didn't know. Wouldn't want them to miss out on an opportunity just in case some DNS servers hadn't been patched yet.

[Lmnop]

That's why it was a secret. They wanted it fixed before it got discovered. But a boat this big was sure to develop some leaks on a Titanic scale.

[Callisto]

Except they said it might not be all the way fixed for every ISP yet, lol. That's like the Secretary of Defense saying, "We had these huge security holes, and most have been covered up before the terrists found out, but there may still be 3 so see if you can find them!"

[Feba]

Callisto: This is common practice. Find a serious security hole, fix it, and then announce that it's fixed. Security through obscurity rarely works; it wouldn't have lasted long at all in this case.

[Taskmage]

It's not fixed though. About 50% of ISPs are still vulnerable. But they didn't publicly announce it until there was a major leak about the problem anyway, which was inevitable considering how many large companies were involved.

[Feba]

Quote:

Originally Posted by Taskmage

It's not fixed though.

Yes, it is. Whether the fix is implemented or not is irrelevant.

Do you realize how many vulnerabilities are announced every day, which are open doors for crackers if you don't update your system constantly?

[Callisto]

I'm aware of that, but it's not like 'There was a Flash exploit, update your Flash player!', this is more like 'There was a DNS exploit, hope your ISP has updated!'. That's the part that bugged me.

[Mhurron]

Quote:

Originally Posted by Callisto

I'm aware of that, but it's not like 'There was a Flash exploit, update your Flash player!', this is more like 'There was a DNS exploit, hope your ISP has updated!'. That's the part that bugged me.

They were notified in time to patch. This also doesn't just affect ISP's.