DNS flaw not a problem for UK surfers

8:41 am - August 23rd, 2008
Category: Broadband Business, Broadband Regulation

A flaw in the way web addresses are served to computers, which allows criminals to redirect traffic to scam sites, is just starting to be used to trap international bank customers into parting with account details. However, problems are unlikely to spread to the UK, where it appears the flaw has been patched by the major ISPs.

The flaw was unveiled recently at a Black Hat security conference in Las Vegas, although Dan Kaminsky, the security analyst who discovered it, had warned the relevant authorities in early July. Many media reports have circulated since, claiming that UK ISPs had not ‘patched’ the problem, but SamKnows has since discovered that BT, Virgin Media and Carphone Warehouse are either protected now or were never at risk in the first place. It is believed that all, or nearly all, of the UK’s web users are now safe.

This is in stark contrast to the USA and Asia, where ISPs have been widely criticised for not taking the problem seriously enough and for failing to react to an anticipated wave of attacks, which is now believed to be starting.

The flaw works by interrupting the normal workings of the web. When a person types in a web address in letters, the Domain Name System (DNS) turns this into the numerical IP address at which the site is stored. The new vulnerability works by flooding a DNS server with lots of similar web addresses, tricking it into giving out code which could then be used by criminals to set up copy-cat sites which would be presented to users even if they have typed in the correct address. The resulting site could then pocket payments made on the site or fool users into giving over passwords and user names.

As one would imagine, banks are the first major targets for the DNS trickery, as confirmed by Rodge Jeffe of NeuStar, which handles the web gateway to Chinese web sites outside of China.

“We are actively seeing cache poisoning attack attempts on a large scale using this bug. We have to imagine that they’re still partly successful,” he recently told The Guardian. “We monitor some open recursive servers online and we noticed that some have entries that are not the correct entries for banking sites.”

Despite the ISPs patching the problem in the UK, security experts are still warning companies to be vigilant and to patch their own servers to help protect against the problem. Web users are also being warned to make sure web sites look correct and, when they are asked to give over login information or are viewing private data, to check the provided SSL certificates thoroughly.
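The monitoring described in the quote above, checking whether recursive servers hold entries for banking sites that are not the correct ones, can be sketched as a comparison of observed answers against known-good address ranges. This is an added example, not code from the article or from NeuStar; the domain names, resolver labels and address ranges are constructed placeholders using documentation-reserved values.

```python
import ipaddress
from collections import defaultdict

# Constructed allow-list: the address ranges each monitored site is known to use.
EXPECTED = {
    "bank.example.": ["192.0.2.0/24"],
    "pay.example.": ["198.51.100.0/25"],
}

# Constructed observations: (resolver label, name queried, A record it returned).
OBSERVATIONS = [
    ("resolver-a", "bank.example.", "192.0.2.10"),
    ("resolver-b", "bank.example.", "203.0.113.66"),
    ("resolver-a", "pay.example.", "198.51.100.7"),
    ("resolver-b", "PAY.example", "198.51.100.200"),
    ("resolver-c", "other.example.", "203.0.113.5"),
]

def normalise(name):
    """Lower-case and force one trailing dot so 'PAY.example' matches 'pay.example.'."""
    return name.rstrip(".").lower() + "."

def audit(observations, expected):
    """Return (resolver, name, address) for each answer outside the expected ranges."""
    nets = {normalise(n): [ipaddress.ip_network(c) for c in cidrs]
            for n, cidrs in expected.items()}
    findings = []
    for resolver, name, addr in observations:
        key = normalise(name)
        if key not in nets:
            continue  # name is not on the monitored list
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets[key]):
            findings.append((resolver, key, addr))
    return findings

def by_resolver(findings):
    """Group findings so a resolver with several wrong entries stands out."""
    grouped = defaultdict(list)
    for resolver, name, addr in findings:
        grouped[resolver].append((name, addr))
    return dict(grouped)

if __name__ == "__main__":
    for resolver, bad in by_resolver(audit(OBSERVATIONS, EXPECTED)).items():
        print(resolver, "returned unexpected entries:", bad)
```

A mismatch is a prompt to investigate that resolver rather than proof of poisoning, since a site can legitimately move to new addresses.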
