Aussies play down DNS disaster

Aussies play down DNS disaster

Summary: One large Australian organisation and a local computer security advisor have played down the importance of a security flaw in the global Domain Name System (DNS) that has led to panic in some security circles around the globe.

SHARE:

One large Australian organisation and a local computer security advisor have played down the importance of a security flaw in the global Domain Name System (DNS) that has led to panic in some security circles around the globe.

Dan Kaminsky
(Credit: Kaminsky's blog)

The flaw, which security researcher Dan Kaminsky recently claimed to have discovered, could allow people to re-direct Web browsers to malicious websites in a technique known as "DNS cache poisoning".

The DNS translates host names such as www.example.com to the numerical internet address for systems connected to the internet. It effectively acts as a computer's internet address book. DNS cache poisoning occurs where an attacker is able to introduce fake information into the cache of a DNS name server.

However, Securus Global practice manager, Declan Ingram told ZDNet.com.au today that while the problem was a critical flaw, "the sky is not falling".

"If it's going to be an issue, it's likely to be a consumer one," he said. "Really, it will only affect SSL certificates, but if they are properly authenticated, then this will be done through an authenticated server and not through the DNS."

Critical business systems were unlikely to be affected by the flaw, said Ingram. "Most of the high security systems on the internet don't rely on DNS."

Welfare agency Centrelink was one extremely large Australian organisation that didn't appear today to be worried about the problem, with a spokesperson for the agency saying it was not exposed to the flaw.

"The Centrelink gateway uses a DNS product called "djbdns", which is not vulnerable to the current DNS poisoning exploit," the spokesperson told ZDNet.com.au today.

Despite the sentiments, security experts are still warning businesses to urgently patch numerous products immediately.

Kaminsky had planned to hold back on disclosing the flaw until the Black Hat conference in August in the US. However, after disclosing it to affected vendors, this Monday, Halvar Flake, chief executive of Sabre Security, claimed to have figured out the flaw and published his findings on the company's web site.

While Kamisky did not admit it was the same flaw, he wrote on his blog following the disclosure: "Patch. Today. Now. Yes, stay late."

The flaw however has led to what some believe is the biggest multi-vendor patching exercise in history. Amongst vendors with products containing the DNS vulnerability are Avaya, Blue Coat systems, Cisco, Debian GNU/Linux, F5 Networks, FreeBSD, Fujitsu, Gentoo Linux, HP, IBM, Juniper Networks, Novell, Microsoft, Red Hat, Sun, Ubuntu and Suse Linux. Other vendors' systems may be affected also, according to the United States' Computer Emergency Response Team, which has published a list of affected vendors.

Topics: IBM, Broadband, Browser, Cisco, Networking, Security, Enterprise 2.0

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

3 comments
Log in or register to join the discussion
  • The sky is falling in ?

    Don't think so.

    Goodonya, Dec, for taking a very Aussie stance: "She'll be right, mate."

    ....Can someone grab me a beer ?

    ;-)
    anonymous
  • Thanks Declan ...

    finally some realistic views on this topic. A serious issue but lets look at it in context.
    anonymous
  • That Assumption is Naive

    I believe the assumption that end users will understand an X.509 Certificate is naive as numerous case studies have proven that end users simply click through the warning displayed by the Web Browser when their X.509 Certificate is invalid or expired.
    anonymous