Home / News

DNS Security Flaw Secret Leaked Prior to Set Date: Patch DNS as Fast as Possible

In what seems to have started with a blog post by reverse engineer Halvar Flake, and subsequent blog postings from other experts in the know, the details of the recently announced DNS vulnerability was quite likely made public today. The DNS flaw was found earlier this year by security researcher Dan Kaminsky and earlier this month announced publicly along with various tools and patches provided by numerous vendors. However, the details of the flaw were kept secret—with the exception of select group of experts—in order to allow for proper security measures to be taken by those at risk. Shortly after the official July 8th announcement, Kaminsky emphasized that he “wanted to go public with the issue to put pressure on corporate IT staff and Internet service providers to update their DNS software, while at the same time keeping the bad guys in the dark about the precise nature of the problem. A full public disclosure of the technical details would make the Internet unsafe.”

Following speculative postings online including those by Flake today, someone from the security research firm, Matasano, who was already aware of the details published details of the flaw on the Matasano blog but soon after removed. However, the content of the post spread rapidly and is available despite its removal from the original source.

Thomas Ptacek, Principal at Matasano Security has posted a public apology on its blog:

Earlier today, a security researcher posted their hypothesis regarding Dan Kaminsky’s DNS finding. Shortly afterwards, when the story began getting traction, a post appeared on our blog about that hypothesis. It was posted in error. We regret that it ran. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread.

We dropped the ball here.

Since alerting the Internet earlier in July about the upcoming announcement of his finding, Dan has consistently urged DNS operators to patch their servers. We confirmed the severity of the problem then and, by inadvertantly verifying another researcher’s results today, reconfirm it today. This is a serious problem, it merits immediate attention, and the extra attention it’s receiving today may increase the threat. The Internet needs to patch this problem ASAP.

Dan told me about his finding personally, in order to help ensure widespread patching before further details were announced at the upcoming Black Hat conference. We chose to have a story locked and loaded for that presentation, or for any other confirmed public disclosure. On a personal level, I regret this as well.

As a result of today’s incidents, security experts are re-emphasizing the importance of urgently patching vulnerable DNS servers as fast as possible.

Kaminsky has made the following post on his blog in reaction to the leak:

Patch. Today. Now. Yes, stay late. Yes, forward to OpenDNS if you have to. (They’re ready for your traffic.) Thank you to the many of you who already have.

Internet Systems Consortium (ISC) is currently working on tools to detect attacks based on this vulnerability.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix