The DNS [Domain Name System] which is basically the address book for the Internet, has some serious flaws that criminals could potentially exploit. Though there is some disagreement as to how dangerous the exploit may be, it has been proven that the patches being used may not work. So what is the danger with such exploits?
According to this NY Times artcile it states:
On Friday, a Russian physicist demonstrated that the emergency fix to the basic Internet address system, known as the Domain Name System, is vulnerable and will almost certainly be exploited by criminals.
The flaw could allow Internet traffic to be secretly redirected so thieves could, for example, hijack a bank’s Web address and collect customer passwords.
The basic vulnerability of the network has become a heated controversy since Dan Kaminsky, a Seattle-based researcher at the security firm IOActive, quietly notified a number of companies that distribute Internet addressing software earlier this year.
On Wednesday, Mr. Kaminsky described the vulnerability to a packed room at a technical conference in Las Vegas. He said that it could affect not just the Web but also other services like e-mail.
“We have already been seeing attacks in the wild for the past two weeks,” said Bill Woodcock, research director of the Packet Clearing House, a nonprofit technical organization. Some of the initial attacks focused on distributing malicious software, he said, and more recently there has been evidence of so-called phishing attacks aimed at stealing personal information.
It is now almost certain that there will be an escalating number of attacks, Mr. Woodcock said. Before the patch, which has now been distributed to more than three-quarters of the affected servers in the world, it would have taken as little as one second to insert false information into the address database. Now, even with the patch, attacks will be possible in a matter of minutes or hours, he said.
Yipes. Makes one wonder if any of us should even trust the Internet. It also makes one wonder if we should conduct any banking business on the Internet.
What do you think? Will you continue to do online banking? Or will this exploit make you more cautious?