Icann releases DNS flaw FAQ and online test tool

Powered by SC Magazine
 

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced the availability of an online FAQ and online tool to help raise awareness for the recently discovered hazardous DNS flaw.

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced the availability of an online FAQ and online tool to help raise awareness for the recently discovered hazardous DNS flaw.

The FAQ, found here details the problem and explains why it’s critical.

The online tool, found here allows domain operators to test their domains for the vulnerability which can be used to affect the contents of their zone.

According to the ICANN advisory, the tools are to help encourage network operators and users about how best to fix or update affected servers.

“While it is not possible to fully fix this flaw, there are ways to improve resistance to it. This involves system administrators patching or reconfiguring their DNS servers,” said the advisory.

ICANN also reiterated the fact that not one organisation can implement a fix for this vulnerability due to its distributed nature. Instead, “it requires the cooperation of all name server operators and DNS software vendors.”

Adam Biviano, premium services manager at Trend Micro Australia said the DNS flaw has far reaching implications as it has the potential to affect every internet user.

He said: “No longer just following the common advice of typing an address directly into a browser can solely be relied upon. A user’s website request could still be redirected to a fake site designed to steal information,” said Biviano.

He said it also illustrates the current trend away from attacking platforms towards attacks which have far broader reach.

“No one platform is safe from this threat, from users of the typical PC to people using the web on an i-Phone or game console,” added Biviano.

Security researcher Dan Kaminsky discovered the design flaw in the fundamental DNS protocol in July.

Security vendor Marshal explained that the DNS security vulnerability makes it possible for hackers to “poison” the DNS cache, translating users’ reputable Website requests into bogus addresses for sites that could contain any manner of malicious code.

For Internet users, ICANN advised them to ensure, the DNS servers’ their computer uses to look up domains, has been patched to enable "source port randomisation".

“To check if this change has been made by ISPs uses can go to an online testing tool provided by the DNS Operations, Analysis and Research Center, found here.” stated ICANN.

“To be guarded against the vulnerability, the test result should return as "Great".

Icann releases DNS flaw FAQ and online test tool
 
 
 
Top Stories
The True Cost of BYOD - 2014 survey
Twelve months on from our first study, is BYOD a better proposition?
 
Photos: Unboxing the Magnus supercomputer
Pawsey's biggest beast slots into place.
 
ANZ looks to life beyond the transaction
If digital disruptors think an online payments startup could rock the big four, they’ve missed the point of why people use banks, says Patrick Maes.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  29%
 
Application integration concerns
  3%
 
Security and compliance concerns
  27%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  22%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 1128

Vote