Monday, July 28, 2008

Is Your ISP Putting You at Risk?

Recently there has been a lot of publicity regarding the critical defect in DNS caching - which essentially says, if you type "" (which takes you to this blog) it should go the computer who's address is "" (at the time of this posting :) ). This critical defect allows attackers to change that address to whatever they would like (essentially), and it allows them to do it at very frightening levels, i.e. like at your ISP level. What that means is that you could patch your own systems to your heart's content, but if your ISP doesn't, then you're still at risk.

When I read this on Friday, regarding some of the world's largest ISP dragging their feet in regard to patching their DNS systems, I was appalled.

When you using a provider to whom you give money for service, go to DOXPARA Reasearch (the blog maintained by the researcher who published the flaw, Dan Kaminsky) and click on the "Check My DNS" button on the right. If you get the message, "Your name server, at, appears vulnerable to DNS Cache Poisoning" (see image below) then call your provider immediately and demand that they patch their systems. Otherwise, you may not know what site(s) you're really visiting....

By the way, here's the link to OpenDNS referenced in the image above :)
posted by Dennis at 8:30 AM (permalink)


Post a Comment

<< Home