DNS Poisoning?!?

Earlier this week it was revealed that a process called DNS poisoning could allow hackers to completely take over the entire Internet without users knowing it. This would put all your online data and even the routing of your email at grave risk.

The good news is that a fix for the flaw has been made. The bad news is the experts say that the fix only makes it harder, not impossible, for hackers to exploit the flaw.

Some explanations for the technically inclined out there can be found online here and here. But I will try and summarize.

The entire Internet is based on IP addresses, which take the form of a series of numbers and dots such as (the typical private IP address of the wireless router on your network). Anyway, every Web site and user has one of these numbers associated with them.

Generally speaking, though, we only see our associations with domain names. An email might be dvorak@marketwatch.com. Or a Web page might be http://www.marketwatch.com.

There is always the possibility that some sort of futuristic attack on the DNS servers that will cripple the Net for hours, days or possibly months.

To deliver to the mailbox or to display the Web page, the actual IP address must be discovered and that is done by requesting the server address from the so-called Domain Name System, or DNS. Here the Marketwatch.com name is listed in the database and associated with an IP address.

The overall DNS is complex but quite reliable if everyone plays fair. Hackers have attempted to attack it over the years as a gag.

This new vulnerability, though, could be exploited to an extreme. To simplify, the information within the structure gets purposely tainted — poisoned, if you will — and allowed to be tricked into propagating in such a way that if someone requests the IP number for Marketwatch.com they get the wrong information back.



Majestic is gadfly emeritus.