Serious Internet Bug Causes Concern

News has been coming out on some of the big media sites (see CNN) about a serious flaw that allows hackers to control how traffic is routed on the internet.

I’m not sure what took the media so long to catch this story, but this is something that has been known for a while, and I recall reading about it in a trade magazine some months ago.

The first thing the average computer user needs to realize is that there is no action needed on their part. The potential problem only targets DNS servers, which are the computers that translate website names into the numeric addresses used to route traffic on the internet.

DNS servers are usually owned and operated by big internet service providers like Comcast or Verizon. These DNS systems help internet users reach various destinations on the internet by allowing them to use simple names like www.consumerkarma.com instead of the actual internet address, which might look something like 192.168.0.1 or 74.100.33.14.

Imagine how difficult it would be to use the internet if you had to type those kinds of numbers in for each website you wanted to reach! That is where the DNS servers come to the rescue.

Every computer that is connected to the internet has to know the address of the DNS server it will use to translate names like www.consumerkarma.com into the actual internet address that is needed to reach that destination. Most of this happens behind the scenes, and most users are not aware that their computer is even using the services of a DNS server, since for the most part it is set up automatically when the user brings their computer online.

What some clever hacker has figured out is a way to access the cache inside a DNS server and modify it to his liking. Think of "cache" as a kind of temporary storage area that a computer keeps in its memory to allow fast access to data that resides there. Retrieving information from a hard disk is slower than from memory, so cache provides an efficient way to access information that tends to be accessed a lot. Instead of pulling the data from the hard disk every time, the data can be snatched quickly from the cache as needed.

In this case, the data in the cache on the DNS servers contains information that is needed to translate the simple names I mentioned earlier into the actual internet address, which was that string of numbers and dots that’s hard to remember. Since the typical DNS server can have hundreds or thousands of other computers asking it to translate names into numbers on a non-stop basis, the performance of the DNS server benefits greatly from using a cache.

Lord knows how hackers figure this stuff out, but there certainly seems to be too many people out there with too much time on their hands which is obviously accompanied by a lack of morals.

Anyway, what the hackers manage to do is exploit some kind of program flaw on a DNS system which allows them to access the cache and modify it. This is known as "DNS cache poisoning."

Let’s say, for example, that your bank is called "Big Fat Bank" and you can access your bank account online by visiting www.bigfatbank.com. Whenever you want to visit www.bigfatbank.com, an accommodating DNS server translates that name, www.bigfatbank.com, into the internet address that is needed to route your request to your bank’s website. Let’s say that your bank’s actual internet address is 192.168.37.1 in this case.

Well, when a hacker decides to "poison" the DNS cache on the DNS server that your computer uses to route you to the website you want to visit, he can modify the cache so that www.bigfatbank.com directs you not to 192.168.37.1 where your bank website actually resides, but to another address where he has set up a website of his own.
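To make the two ideas above concrete, the caching described earlier (a name-to-address answer kept in memory so repeat lookups are fast) and the Big Fat Bank redirection just described, here is a small toy resolver in Python. It is an added example, not code from the original post or from any real DNS software; the names, addresses, the `AUTHORITATIVE` table, the `CachingResolver` class and its `audit()` check are all constructed for illustration. The "only store replies for names we actually asked about" rule in `accept_reply()` is a basic sanity check assumed for the example, not something the post itself describes.

```python
"""Toy caching DNS resolver (constructed example, not from the post).

Models two ideas from the post: a resolver keeps recent name->address
answers in a cache so repeat lookups are fast, and anyone who can write a
bogus entry into that cache silently redirects every later lookup for that
name. All names and addresses here are made up for the example.
"""
import time

# Constructed stand-in for "the rest of the internet": the answers the
# authoritative servers for each name would give if asked directly.
AUTHORITATIVE = {
    "www.bigfatbank.com": "192.168.37.1",
    "www.consumerkarma.com": "74.100.33.14",
}


class CachingResolver:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.cache = {}            # name -> (address, expires_at)
        self.pending = set()       # names asked upstream, answer not yet seen
        self.upstream_queries = 0  # how often we had to leave the cache

    def resolve(self, name, ttl=300):
        """Return the address for name, serving from cache while it is fresh."""
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0]        # fast path: cache hit, no upstream query
        # Cache miss or expired entry: ask the authoritative source.
        self.pending.add(name)
        self.upstream_queries += 1
        address = AUTHORITATIVE[name]
        self.accept_reply(name, address, ttl)
        return address

    def accept_reply(self, name, address, ttl):
        """Store a reply only if it answers a question we actually asked.

        Assumed sanity check for this example (not described in the post):
        a reply for a name we never queried is simply ignored.
        """
        if name not in self.pending:
            return False
        self.pending.discard(name)
        self.cache[name] = (address, self.clock() + ttl)
        return True

    def audit(self):
        """Defender's check: cached answers that disagree with the
        authoritative answer, which is what a poisoned entry looks like."""
        return sorted(
            name for name, (addr, _) in self.cache.items()
            if AUTHORITATIVE.get(name) != addr
        )


def demo():
    """Walk through the post's scenario with a controllable clock."""
    now = [1000.0]
    r = CachingResolver(clock=lambda: now[0])
    first = r.resolve("www.bigfatbank.com")      # goes upstream once
    second = r.resolve("www.bigfatbank.com")     # answered from cache
    queries_after_two = r.upstream_queries       # still 1
    # An unsolicited reply for a name nobody asked about is refused.
    refused = r.accept_reply("www.consumerkarma.com", "203.0.113.9", 300)
    # Simulate the poisoned-cache condition from the post: the bank's entry
    # now points at a made-up look-alike address instead of the real one.
    r.cache["www.bigfatbank.com"] = ("203.0.113.9", now[0] + 300)
    poisoned = r.resolve("www.bigfatbank.com")   # silently redirected
    suspicious = r.audit()                       # flags the bank entry
    # Once the entry expires the resolver re-asks and the real answer is back.
    now[0] += 301
    recovered = r.resolve("www.bigfatbank.com")
    return {
        "first": first, "second": second,
        "queries_after_two": queries_after_two, "refused": refused,
        "poisoned": poisoned, "suspicious": suspicious,
        "recovered": recovered, "queries_total": r.upstream_queries,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the walk-through is that a poisoned entry looks exactly like a normal cache hit to the person doing the lookup; nothing in the lookup itself reveals it. Only a check that compares what is cached against what the authoritative source actually says (here `audit()`), or the entry expiring and being refetched, exposes the redirection.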

More than likely, the website that the hacker has created will look exactly like your bank’s website, and when customers try to log in to the fake bank site, guess what happens? The hacker records the customer’s account number and password and can then visit the bank’s real website and access the customer’s account.

The customer who attempts to log into the fake bank site that the poisoned DNS cache has directed him to will probably just see a message that says the site is temporarily down for maintenance or something when he tries to log in, and will probably just wait until some later point in time before he tries accessing his account online again.

Meanwhile, the hacker may be accessing the customer’s account and transferring money to one of his own accounts.

All of the major internet providers have been aware of this problem for a while and have probably applied the required fix to their DNS servers, so there is probably not too much to worry about at this point. In fact, I’d be shocked if a single major internet service provider has not implemented the required fix on all of their DNS servers.

However, always be suspicious of anything that seems unusual with any of your online bank accounts, and don’t hesitate to contact your bank or other financial institution if you think someone has gained access to your account or has discovered your account number and password.

You never know when the next flaw will be discovered that will open a new door for the hackers to exploit, so it pays to be alert and on the lookout for anything that does not seem quite right.
