Friday, July 25, 2008

Unpatched: 10 Million DNS Servers, 500 Million Browsers

A few weeks ago, I blogged about the 500,000,000 unpatched Internet browsers that the Swiss Institute of Technology estimates are out there.

Yesterday, I blogged about the 10 million DNS servers now at risk because of the DNS vulnerability recently identified by Dan Kaminsky.

Now, let's assume that 20% of the DNS servers have been made compliant over the past few weeks, a number that I personally believe is a stretch. That still leaves 8 million DNS servers as targets for hackers looking to redirect Internet traffic, and 500,000,000 unpatched browsers.

That's a lot of potential for evil.

A friend from one of the larger online financial service providers in the US sent me a link to a quote Kaminsky made that was published yesterday. In this quote, Kaminsky is starting to sound the alarm:

"We are in a lot of trouble," said IOActive security specialist Dan Kaminsky. "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please. This is a big deal."

As I mentioned yesterday, we shouldn't hold our breath when it comes to hoping all the DNS servers out there are going to get patched anytime soon.

Another problem I can see looming is the difficulty that the mainstream press is going to have in "sound-biting" a technically complex (for non-IT folks) problem so it can be made interesting for consumers.

That initial explanation of how large and small remote Domain Name Servers and local HOSTS files all work together to resolve URL requests is going to have folks reaching for their remotes pretty quickly...

The good news is that there is a solution available. Almost five years ago, we started work on a system that would protect these requests from the origin point through to the destination server.

As I mentioned yesterday, our service, Authentium SafeCentral, bypasses the non-secure DNS infrastructure and provides a secure means of correctly connecting to transaction sites.

This patent-pending service operates securely, anywhere in the world, regardless of whether or not your ISP's DNS servers have been patched. And if you're one of the 500,000,000 who haven't updated your browser, SafeCentral will provide you with a much safer Internet.

Note: Some of you asked where the estimate of 10 million DNS servers came from. Although I thought this was clear in the original blog, the source of the number was the Infoblox DNS Report Card, which estimated there were nine million DNS servers in place at the end of 2007.

I simply took the previous year's growth and used that as a guide - which produces a total base of just slightly less than 10m servers.
