In-browser security threatened by DNS flaw exploits...

Hi malware fighters,

Interestingly, much of the work being done on Web reputation systems—such as those offered by Trend Micro, McAfee and AVG—could quickly fall apart if DNS (Domain Name System) poisoning attacks gain traction in the wild, leveraging vulnerabilities such as the one recently found by security researcher Dan Kaminsky that prompted most DNS server providers to quickly issue a critical fix.

Trend Micro Director of Web Security Business Ken Beer called DNS poisoning and infected host files “the Armageddon” because validation services base much of a Web site’s reputation score on the actual domain by evaluating the name against details provided by the domain registrars.

“We are starting to ramp up to do some degree of association [between IP address range and a domain name for a given amount of time],” Beer said. “But trying to direct map from this IP address to this domain for a period of time is really like chasing your tail.”

To keep DNS lookups accurate, administrators should make sure to patch their own DNS servers immediately and pressure ISPs to update their DNS servers as soon as possible. Administrators should also turn on features in their endpoint security solution or anti-virus platform that lock down the local hosts file, if that capability is an option.

polonus
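
An added example, not part of the original post or the article it quotes: one way to audit a local hosts file against an approved baseline, which is the check that a hosts-file lock-down feature enforces. The sample file, the host names, the addresses (documentation ranges) and the baseline are all constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered hosts file (names and addresses are illustrative).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
::1         localhost ip6-localhost
10.0.0.5    intranet.example.internal   # approved by admin
203.0.113.66  www.bank.example login.bank.example
127.0.0.1   update.av-vendor.example    # blackholes AV updates
not-an-ip   broken.example
"""

# Hypothetical approved baseline: hostname -> addresses it may map to.
BASELINE = {
    "localhost": {"127.0.0.1", "::1"},
    "ip6-localhost": {"::1"},
    "intranet.example.internal": {"10.0.0.5"},
}

def parse_hosts(text):
    """Yield (line_no, address, hostname) per mapping; address is None if unparsable."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            addr = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            addr = None
        for name in fields[1:]:  # one line may carry several names
            yield line_no, addr, name.lower().rstrip(".")

def audit_hosts(text, baseline):
    """Return (line_no, hostname, reason) for every mapping not in the baseline."""
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            findings.append((line_no, name, "malformed address"))
        elif addr in baseline.get(name, set()):
            continue
        elif ipaddress.ip_address(addr).is_loopback or addr in ("0.0.0.0", "::"):
            findings.append((line_no, name, "blackholed to " + addr))
        else:
            findings.append((line_no, name, "redirected to " + addr))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, BASELINE):
        print("line %d: %s %s" % finding)
```

Both kinds of tampering matter: a redirect sends the user to a different server under a trusted name, while a loopback entry for a vendor's update host silently cuts off signature updates.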

Damian,
Don’t we already have 2 threads going on this same subject???

Hi bob3160,

You are right, but this is another angle to the problem that has not been given much attention, because of what the DNS exploit can do to torpedo in-browser security. If a large number of name servers are still not patched, or the patched servers are now slowing on a massive number of requests (a new patch comes out next week just to patch that issue, coded P2). This thing is not only rocking the very underlying structures the Internet rests upon, it can also severely hamper services like SiteAdvisor, in-browser checkers like Finjan’s, etc. Only three DNS services had adequately done their homework as soon as Daniel Bernstein warned about this to come half a year ago (OpenDNS was one of them). Now it is also rattling at in-browser security. Can we uphold the very backbone security of the Internet until 2010-12, or is it going to get “broken beyond repair”? Yes, this could be a feasible outcome, believe me, and there are even parties that would applaud this sort of outcome. These are dark days for malware fighters and those that value the free Internet we have. For some the cup is half empty and for others it is half full,

Damian

“You are right, but this is another angle to the problem that has not been given much attention, because of what the DNS exploit can do to torpedo in-browser security.”
Not if you're using OpenDNS (http://www.opendns.com/) :)

DNS Resolver(s) Tested:
http://entropy.dns-oarc.net/test