A major new security risk concerning ‘DNS cache poisoning’ has been discovered. It can reroute web browser and email traffic to fraudulent criminal servers without the security protection in place detecting any problem.
The security vulnerability has been found in the control of the internet DNS (Domain Name System) ‘translation and routing’ system.
The vulnerability allows a hacker to reroute information sent across the internet in such a way that existing security software and appliances may not detect a security problem.
Once the routing has been changed, the hackers can extract any information transmitted. This can enable identity theft and major criminal activity on both a personal and business basis.
DNS cache poisoning is an attack technique that allows an attacker to introduce ‘fake’ DNS information into a caching nameserver (a computer that converts domain names into the appropriate IP addresses and vice versa, acting as the translation and routing interface for email servers and web browsers).
The same ‘poisoned’ DNS information can also be held on a workstation if DNS caching is also set up at a workstation level.
DNS cache poisoning itself is not new, but the recent vulnerability is in the DNS software protocol, which means virtually everything connected to the internet is vulnerable.
Once ‘poisoned’, the DNS routing is changed to take legitimate URL requests and send them to a ‘rogue’ server, which looks and acts like the actual server.
Because the link has been made via a valid nameserver, existing email clients and web browsers could see no security issue, as the nameserver is deemed ‘trustworthy’.
Unlike phishing attacks, where an email has an embedded link to a fake address, DNS poisoning makes the fake address appear 100% legitimate and can therefore bypass security already in place.
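A defensive check for the poisoning described above, as an added example that is not part of the original article: it compares entries dumped from a caching nameserver and from a workstation cache against answers obtained separately from the authoritative servers. The dump layout, the function names and all sample records are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data: reserved example domains, documentation address ranges.
# TRUSTED holds answers fetched out of band from the authoritative servers (assumed).
TRUSTED = {
    "www.example.com": {"192.0.2.10", "192.0.2.11"},
    "mail.example.com": {"192.0.2.25"},
}
# (name, address, remaining TTL in seconds) as dumped from each cache.
RESOLVER_CACHE = [
    ("www.example.com", "192.0.2.10", 280),
    ("mail.example.com", "203.0.113.66", 86000),
]
WORKSTATION_CACHE = [
    ("WWW.Example.COM.", "203.0.113.66", 3000),
    ("mail.example.com", "192.0.2.25", 120),
    ("intranet.example.net", "198.51.100.7", 60),
]

def normalise(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.rstrip(".").lower()

def audit_cache(source, entries, trusted):
    """Return (source, name, address, ttl, verdict) for every entry needing review."""
    findings = []
    for name, addr, ttl in entries:
        key = normalise(name)
        ip = str(ipaddress.ip_address(addr))  # raises ValueError on a malformed dump line
        if key not in trusted:
            findings.append((source, key, ip, ttl, "no-reference"))
        elif ip not in trusted[key]:
            findings.append((source, key, ip, ttl, "mismatch"))
    return findings

def shared_rogue_addresses(findings):
    """Mismatched addresses cached for more than one name: many names, one server."""
    names_by_ip = {}
    for _, name, ip, _, verdict in findings:
        if verdict == "mismatch":
            names_by_ip.setdefault(ip, set()).add(name)
    return {ip: sorted(n) for ip, n in names_by_ip.items() if len(n) > 1}

if __name__ == "__main__":
    found = audit_cache("resolver", RESOLVER_CACHE, TRUSTED)
    found += audit_cache("workstation", WORKSTATION_CACHE, TRUSTED)
    for row in found:
        print(row)
    print(shared_rogue_addresses(found))
```

A single mismatch is a lead to investigate, not proof of poisoning, because load-balanced or geographically distributed services legitimately return different addresses to different resolvers.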
DNS is responsible for translating internet addresses into technical IP addresses which are used to route web browsers and emails to the correct servers.
DNS validity is checked by web email servers and browsers such as Microsoft Internet Explorer, Mozilla Firefox, Apple Safari and Opera, to ensure that the internet address being used is safe, secure and valid.