From the BBC News Article : http://news.bbc.co.uk/2/hi/technology/7496735.stm :
Computer experts have released software to tackle a security glitch in the internet’s addressing system. The flaw, discovered by accident, would allow criminals to redirect users to fake webpages, even if they
typed the correct address into a browser. Internet giants such as Microsoft are now distributing the security patch. Security expert Dan Kaminsky said that the case was unprecedented, but added: “People should
be concerned but they should not be panicking.”
“We have bought you as much time as possible to test and apply the patch,” he said. “Something of this scale has not happened before.”
Mr Kaminsky discovered the error in the workings of the Domain Name System (DNS) about six months ago.
Other links :
- US Cert advisory : http://www.kb.cert.org/vuls/id/800113
- The discoverer of the flaw, Dan Kaminsky has a tool to check whether the DNS server you use is vulnerable : http://www.doxpara.com/
- Press release from Ioactive : http://www.ioactive.com/DNSExecutiveOverview.pdf
- MS patch (which also disabled net access for Windows PC’s with Zonealarm’s firewall installed – an updated version of Zonealarm is available to correct this) : http://www.microsoft.com/technet/security/Bulletin/MS08-037.mspx . The patch is for Windows 2000 and XP ; Vista is not affected.
- ISC BIND Security Advisory for all BIND releases prior to July 2008 : http://www.isc.org/index.pl?/sw/bind/bind-security.php