A practically exploitable hole has been found in the DNS protocol: not in any particular client, but in the protocol itself. Moreover, it has been known for a long time, but all the “experts” agreed that “well, in theory this can be a problem, but in practice it cannot be used”. Not so long ago, however, a practical method of “cache poisoning” was devised, and this upset all the calculations. It seems that this is another test of the strength of the Internet: there are plans for “the largest synchronized security system”, involving dozens of vendors (which is not so bad) and hundreds and thousands of ISPs (which is worse, since many of them are very negligent about updating software on their servers).
At present, there is little publicly available information. There is an interview with the person who discovered the vulnerability, and there is a website where you can check whether your computer is using a vulnerable DNS or not (in fact, of course, it is not your DNS that will be checked, but the DNS your proxy server uses).
There is also some information about the possible consequences: an attacker can force a caching DNS server to believe that any site on the Internet is located anywhere. I hope I don’t need to explain what prospects for abuse this opens up (what will happen if your partner’s SMTP server is taught to send your mail not directly to you, but to the attacker's website, and from there to you?).
Dan Kaminsky promised to publish the details at the press conference on the 6th of August, but it is assumed that by that time (based on the published patches) they will already be known to many (and not all of these people will wear white hats).
So it goes. Most of the news sites are trumpeting that “fundamental vulnerability is closed”, but the word “closed” is clearly in error. It is not “closed” but “being closed”, and when it will be “closed” definitively, God only knows.
P.S. For those who have missed the point: we are not talking about theoretical studies of the vulnerability of the DNS protocol (we talked about this two years ago). We are talking about the practical use of this vulnerability, with a probability of success sufficient to make big companies like Cisco and Microsoft (not to mention Linux vendors) raise a fuss.
P.P.S. I found that this had already been written about, but since it was a link post, it seems that no one even wanted to read the article to which the link led. Everyone upvoted comments such as “dupe”, “garbage”, “practically it can not be used”, etc., and then calmed down. Whether it is a “dupe” or “garbage”, we will know for sure only on August 6, but for now, for me, a sufficient criterion is the fact that all the systems I know were urgently updated yesterday or the day before yesterday. Not “two years ago”, not “a month ago”, but “literally the other day”. Did something make a bunch of vendors do this? Or are they all tilting at windmills?