The DNS bug is deadly! But here's how to protect yourself

The DNS bug is big news -- and it can also bite pretty hard. Are you at risk? If so, what can you do about it? This article tackles those questions and a few others.
7/30/2008 6:00:00 AM By: Gregg Keizer

Far from it, in fact, according to the available numbers.

Kaminsky, who tracks the results users get when they run the testing tool on at his blog (see "How do I know if I'm vulnerable," next section) said Saturday that at least 52% of DNS servers had not been patched. That number, however, is down from the 85% vulnerable in the first days after those patches were released.

Austrian security researchers issued a paper on Thursday (download PDF) claiming that more than two-thirds of that country's DNS servers remained unpatched, a situation they called "rather grim."

How do I know if I'm vulnerable? Several free online tools will tell you whether the DNS resolving server you use has been patched.

Kaminsky's blog has one. Click "Check My DNS" at the upper right under the "DNS Checker" heading.
DNS-OARC (DNS Operations, Analysis and Research Center) has a Web-based testing tool as well as instructions on using the Unix "dig" command.
DNSstuff.com also boasts a Web testing tool. Click "Test Now" in the box at the lower left of the home page; the box is tagged as "DNS Vulnerability Check."

What do I do if I'm vulnerable? Patches are out, but as Kaminsky has said, this is really a problem for Internet service providers and companies -- which maintain DNS servers -- to fix, rather than an end-user issue.

Sign up for our Computer Dealer News Newsletter
Page Navigation 1) DNS flaw gets widespread attention - Page 1
2) More than half of DNS servers remain flawed - Page 2
3) Test your vulnerability and apply client-side patches - Page 3

>> Next Page

<< Back