Online Banking Jeopardized - A Newly Discovered Dns Vulnerability

The Vulnerability
A recent report posted by Doxpara Research will surely give you some food for thought to think about before you go online to do your daily netbanking transactions. Why? Because if this report is right, then there are strong possibilities that although you would have typed the url address of your bank right on to your browser's address field, you may be taken to a webpage that has nothing to do with your bank ALTHOUGH it may look pretty much like your bank's landing page. What are the implications? Simple, you enter in your netbanking login details and the hacker has got everything necessary to hijack your bank account and siphon off your hard-earned funds.

DNS Cache Poisoning
The vulnerability exposed by Doxpara Research is a very serious DNS hack. It takes advantage of the way DNS servers across the internet are configured. Also called as 'DNS cache poisoning', here is the brief analogy of what this DNS attack is all about:
Pre-attack: The hacker can only try once every couple of hours to steal your internet connection, and there is but one chance in sixty five thousand chances of him/her succeeding.
Post-attack: The hacker's chances of stealing your internet connection per initial attempt remains the same, i.e., one in sixty five thousand, BUT now he/she can undertake repeated tries thousands of times per second. It can be easily seen that per attempt success possibilities increases manifold in subsequent attempts.

Solution
This serious threat is not without its solution though. There exists a software patch with must be incorporated into your ISP's DNS servers. The Computer Emergency Readiness Team (CERT) is now asking everyone to patch up their DNS servers. Jerry Dixon, an ex-directory of US Homeland Security Department's cyber security wing, has likened the incorporation of this patch as something akin to what people do increase safety by using seat belts while driving on the roads. As wearing seat-belts is compulsory, so is incorporating this patch.
After applying the patch the hacker is left with but one chance in a couple of hundred million chances (this may run into one in billions of chances) of hijacking your internet connection. Although he/she can still attempt attacks some two thousand times a second, the chances of him/her succeeding is remotely slim, and it will definitely make a lot of noise to alert the DNS server managers.

By: Vini Chand

Article Directory: http://www.articledashboard.com

Visit us for more of such niche information on Internet Security. Feel free to browse around ArticlesAndArticles -- the best place online to read the latest on the What-Who-Where-Why-How's about topics of your interest. Spend time with us here and you have our assurance - you will be a better informed person.