DNS Data Security Flaw

There is a big security exploit that is “in the wild” that can compromise DNS servers. Since the Internet is based on DNS giving us the real address (TCP/IP Address) for an “easy-to-remember” site name, we all have to use DNS! If you are using a PC, you really need to be using OpenDNS as your DNS server. They are patched and safe! Check out OpenDNS here:

OpenDNS

OpenDNS is free, and is easy to implement if you are a DNS user. If you RUN a DNS server, you need to do the patch. Now, for some details on the exploit:

Details on DNS flaw inadvertently leaked; researcher says patch now

“The cat is out of the bag before Black Hat. That isn’t a passage from a Dr. Seuss children’s book, but a description of what happened on Monday when a Web site accidentally posted details about a DNS flaw uncovered by security researcher Dan Kaminsky earlier this month. Kaminsky, who plans to discuss the flaw at the forthcoming Black Hat security conference in Las Vegas next month, had wanted to keep the details private until then, in hopes of preventing the flaw from being used for malicously redirecting Internet traffic to phony Web sites for large-scale phishing exploits. But on Monday, Matasano Security, which knew the ins and outs of how the flaw could be used for DNS cache poisoning, inadvertently publicized the details by confirming a complex speculative theory raised in a blog entry by Halvar Flake, a specialist in reverse engineering and the CEO of Zynamics. ‘The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan Kaminsky will announce at Black Hat,’ responded a post on the Matasano site, since taken down but still residing in Google’s cache, at the time of this writing. Matasono has since apologized for the glitch. ‘Earlier today, a security researcher posted [a] hypothesis regarding Dan Kaminsky’s DNS finding. Shortly afterwards, when the story began getting traction, a post appeared on our blog about that hypothesis. It was posted in error,’ wrote Thomas Ptacek, principal of Matasano security, on the company’s site. ‘We regret that it ran. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread,’ according to Ptacek. ‘Dan told me about his finding personally, in order to help ensure widespread patching before further details were announced at the upcoming Black Hat conference. We chose to have a story locked and loaded for that presentation, or for any other confirmed public disclosure. On a personal level, I regret this as well.’ ‘Patch. Today. Now. Yes, stay late,’ Kaminsky warned on his own Web site after the Matasano post. Kaminsky has added a ‘DNS checker’ to his site, for use in determining whether a server has been patched for the flaw.”

IBM: Ten Essential Tricks for Linux Admins

A neat little tutorial from IBM on Linux Admin tricks… I like their sense of humor as well!

Lazy Linux: 10 essential tricks for admins – How to be a more productive Linux systems administrator

“Learn these 10 tricks and you’ll be the most powerful Linux® systems administrator in the universe…well, maybe not the universe, but you will need these tips to play in the big leagues. Learn about SSH tunnels, VNC, password recovery, console spying, and more. Examples accompany each trick, so you can duplicate them on your own systems. The best systems administrators are set apart by their efficiency. And if an efficient systems administrator can do a task in 10 minutes that would take another mortal two hours to complete, then the efficient systems administrator should be rewarded (paid more) because the company is saving time, and time is money, right? The trick is to prove your efficiency to management. While I won’t attempt to cover that trick in this article, I will give you 10 essential gems from the lazy admin’s bag of tricks. These tips will save you time—and even if you don’t get paid more money to be more efficient, you’ll at least have more time to play Halo.”