bradgrier.com

photo credit: kevindooley

Headline: Researchers unleash DNS attack code
Headline: Vulnerable to a DNS cache poisoning at home?
Headline: Attack Code Released for New DNS Attack

First off. This is a serious issue, make no doubt about it. But is the reporting hype surrounding this exploit appropriate? Here’s some quotes of that hype:

Yesterday’s exploit, explained Storms, lets an attacker poison a DNS server’s cache with a single malicious entry, but today’s attack code allows a hacker to poison large quantities of domains with one fell swoop. “This second exploit has the potential for a much larger impact,” said Storms, “and could result in potentially thousands of fake addresses inserted into a DNS server’s cache.

There is a security risk on the horizon, according to experts that work
with computers and computer networks, and it is a sizable one.

A simple DNS Security Checklist would have sufficed.

1. Become better informed about this issue. Here’s an overview of the exploit and what it means to you.
2. Test your DNS service from your computers (Home & Work).
3. If you fail the test, check with your Internet Service Provider to ensure their DNS servers are going to be patched.
4. Consider using OpenDNS if you aren’t convinced your ISP is handling things correctly.
5. Use a ‘phishing aware’ browser such as FireFox3.

That’s it. Peace-of-mind can return.

Or can it? What do you think? Have you tested your DNS? Post your thoughts or results in the comments below.