Wednesday, July 09, 2008

Today, while you were quietly doing your job, living your life, maybe surfing the web, you were most likely completely unaware that one of the largest coordinated security patch efforts in history was underway. It was revealed today that a serious flaw exists in nearly every widely deployed Domain Name System (DNS) implementation. The flaw, described as inherent in the protocol since its earliest versions, could allow an unauthorized party to forge answers that a caching (recursive) DNS server accepts as genuine. The result is DNS cache poisoning: once the forged record is in the cache, every client that relies on that server is silently redirected to whatever web site the attacker chooses, for as long as the record lives.

Here's a link to the notification we saw today from US CERT.

Here's how it could have impacted you. You type cnn.com into your browser and, because the DNS server your ISP or office uses has been poisoned, you are sent to some other site entirely. A competent attacker would make that site a dead ringer for the original, differing only in that it asks for personal information. Now imagine the same thing with your online banking site: the address bar shows the right name, there is no misspelled domain to notice, and you hand your credentials to an unknown person. That's the risk potential.

This flaw was discovered by Dan Kaminsky, the director of penetration testing for IOActive. The Department of Homeland Security became involved and, together with Kaminsky, coordinated an unprecedented sharing of information with DNS vendors so that a unified patch effort could be established. Some vendors began shipping fixes as early as April; Microsoft's patch arrived in yesterday's update cycle, and the remaining vendors released theirs in a coordinated fashion this week.
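One check worth running once the patches are in, added here as an example and not code from the original post or from any DNS vendor: confirm that your recursive resolver's outbound queries actually look randomized. This assumes something the post does not spell out, namely that the coordinated fix adds randomized UDP source ports on top of the 16-bit DNS transaction ID, so an off-path attacker has to guess both. The input is a list of (source port, transaction ID) pairs as you would read them off a packet capture of the resolver's outbound traffic; both samples below are constructed, not captured.

```python
"""Sanity-check a recursive resolver's outbound-query randomization.

Added example, not code from the original post or from any DNS vendor.
Assumption (not spelled out in the post): the coordinated fix randomizes
the UDP source port in addition to the 16-bit transaction ID, so an
off-path attacker must guess both to get a forged answer accepted.
Input is a list of (source_port, txid) pairs observed on the resolver's
outbound queries; the two samples below are constructed, not captured.
"""


def looks_sequential(values, threshold=0.9):
    """True if at least `threshold` of consecutive samples increase by exactly 1,
    i.e. the resolver is using a plain counter rather than a random value."""
    if len(values) < 2:
        return False
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps >= threshold * (len(values) - 1)


def assess(queries, min_distinct_ratio=0.9):
    """Return a list of findings; an empty list means nothing obviously weak."""
    ports = [p for p, _ in queries]
    txids = [t for _, t in queries]
    findings = []
    # A single source port (often 53) or a counter gives the attacker
    # nothing extra to guess beyond the 16-bit transaction ID.
    if len(set(ports)) == 1:
        findings.append("fixed source port")
    elif looks_sequential(ports):
        findings.append("sequential source ports")
    elif len(set(ports)) < min_distinct_ratio * len(ports):
        findings.append("few distinct source ports")
    # Transaction IDs should also be unpredictable, not a counter.
    if looks_sequential(txids):
        findings.append("sequential transaction IDs")
    elif len(set(txids)) < min_distinct_ratio * len(txids):
        findings.append("repeated transaction IDs")
    return findings


def forgery_success_probability(guess_bits, forged_responses):
    """Chance that at least one of `forged_responses` randomly guessed spoofed
    answers matches the outstanding query, when the attacker must guess
    `guess_bits` bits (16 for the ID alone, roughly 32 with a random port)."""
    space = 2 ** guess_bits
    return 1.0 - (1.0 - 1.0 / space) ** forged_responses


# Constructed sample of an unpatched resolver: port 53 every time, ID counter.
UNPATCHED_SAMPLE = [(53, 4000 + i) for i in range(12)]

# Constructed sample of a patched resolver: random high port and random ID.
PATCHED_SAMPLE = [
    (51723, 48213), (33910, 9027), (60041, 61440), (12877, 31587),
    (45102, 2104), (28394, 55391), (57710, 17762), (19025, 40925),
    (64108, 63004), (40286, 12288), (3391, 36651), (52947, 50017),
]

if __name__ == "__main__":
    for name, sample in (("unpatched", UNPATCHED_SAMPLE), ("patched", PATCHED_SAMPLE)):
        print(name, assess(sample) or ["ok"])
    # 1000 forged packets in one attack window: ~1.5% with the ID alone,
    # ~0.00002% once the port is random as well.
    print("16-bit guess:", forgery_success_probability(16, 1000))
    print("32-bit guess:", forgery_success_probability(32, 1000))
```

Feed it a few dozen real (port, ID) pairs from a capture of your own resolver rather than the constructed lists. A fixed or counting source port is the clearest sign that a box has not picked up the fix; the probability figures show why that matters, since an attacker who only has to guess the 16-bit ID gets a usable hit rate from a few thousand forged packets.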

Currently the details of the flaw and how to abuse it are being held in the tightest confidence by DHS, Kaminsky and the vendors, but details are expected to be revealed during the Black Hat security conference in August. The safe assumption is that working attack tools will follow quickly once the details are public, so patching should not wait for August.

For our part, Dovetail was alerted early today about the flaw and our team is actively applying the patches to all of its systems.

This story is significant on so many fronts, but I think mainly because of the potential wide-reaching havoc if the flaw had been discovered by someone else. Or if the coordinated effort had failed; who knows, today could have been the day the Internet stood still.

-- Mike

Wednesday, July 09, 2008 4:54:03 PM (Eastern Standard Time, UTC-05:00)