FAQ: The DNS bug and you

Are you at risk? If so, what do you do about it? We'll tackle those questions and a few others.

What do I do if I'm vulnerable?

Patches are out, but as Kaminsky has said, this is really a problem for ISP (Internet Service Providers) and companies -- which maintain DNS servers -- to fix, rather than an end-user issue.

But that doesn't mean there's nothing for you to do.

If the testing tools show that you're vulnerable, you should contact your ISP or network administrator to ask what they're doing to plug the hole.

You should also apply any client-side patches that have been released. Microsoft, for instance, rolled out fixes on July 8 for Windows 2000, XP, Server 2003 and Server 2008. If you haven't applied the update spelled out in MS08-037, do so now.

According to a security advisory that Microsoft issued late last week -- after attack code geared to the DNS bug went public -- users who have installed the update are safe from attacks using the currently available exploits.

I use a Mac. What do I do?

Apple has not yet patched Mac OS X, a fact that hasn't escaped security researchers like Andrew Storms of nCircle and security consultants such as Rich Mogull.

As Mogull said in the story he wrote for TidBits last week: "Apple has not yet provided a patch, unlike dozens of other companies that make or distribute operating systems or DNS server software. Their customers are now in danger and Apple needs to respond immediately."

Fortunately, notes Mogull, attacks are much more likely against Mac servers than individual Macs, so though the later are technically vulnerable, "there's no need to panic."

My ISP isn't doing squat. What's my next move?

You can shift to other DSN servers, in effect abandoning those run by your ISP.

Several prominent security experts, including Kaminsky, have recommended OpenDNS, a free service that includes detailed instructions on how to steer your browser to its servers for DNS lookups by modifying settings in your operating system or router.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AppleCERT AustraliaMacsMicrosoftnCircle

Show Comments