Icann releases DNS flaw FAQ and online test tool

Powered by SC Magazine
 

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced the availability of an online FAQ and online tool to help raise awareness for the recently discovered hazardous DNS flaw.

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced the availability of an online FAQ and online tool to help raise awareness for the recently discovered hazardous DNS flaw.

The FAQ, found here details the problem and explains why it’s critical.

The online tool, found here allows domain operators to test their domains for the vulnerability which can be used to affect the contents of their zone.

According to the ICANN advisory, the tools are to help encourage network operators and users about how best to fix or update affected servers.

“While it is not possible to fully fix this flaw, there are ways to improve resistance to it. This involves system administrators patching or reconfiguring their DNS servers,” said the advisory.

ICANN also reiterated the fact that not one organisation can implement a fix for this vulnerability due to its distributed nature. Instead, “it requires the cooperation of all name server operators and DNS software vendors.”

Adam Biviano, premium services manager at Trend Micro Australia said the DNS flaw has far reaching implications as it has the potential to affect every internet user.

He said: “No longer just following the common advice of typing an address directly into a browser can solely be relied upon. A user’s website request could still be redirected to a fake site designed to steal information,” said Biviano.

He said it also illustrates the current trend away from attacking platforms towards attacks which have far broader reach.

“No one platform is safe from this threat, from users of the typical PC to people using the web on an i-Phone or game console,” added Biviano.

Security researcher Dan Kaminsky discovered the design flaw in the fundamental DNS protocol in July.

Security vendor Marshal explained that the DNS security vulnerability makes it possible for hackers to “poison” the DNS cache, translating users’ reputable Website requests into bogus addresses for sites that could contain any manner of malicious code.

For Internet users, ICANN advised them to ensure, the DNS servers’ their computer uses to look up domains, has been patched to enable "source port randomisation".

“To check if this change has been made by ISPs uses can go to an online testing tool provided by the DNS Operations, Analysis and Research Center, found here.” stated ICANN.

“To be guarded against the vulnerability, the test result should return as "Great".

Icann releases DNS flaw FAQ and online test tool
 
 
 
Top Stories
The iTnews Benchmark Awards
Meet the best of the best.
 
Telstra hands over copper, HFC in new $11bn NBN deal
Value of 2011 deal remains intact.
 
Photos: iTnews Benchmark 2015 finalists revealed
Awards alumni gather to celebrate.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  4%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  14%
 
A State Government agency (Health dept, etc)
  6%
TOTAL VOTES: 1745

Vote
Do you support the abolition of the Office of the Information Commissioner?