Security Expert Finds A Wrench In The Internet

A few months ago, Internet security expert Dan Kaminsky discovered a major problem with the basic wiring of the Internet — one that could easily be exploited by hackers. It has to do with what's known as the domain name system, or DNS.

Kaminsky, who works for the Internet security company IOActive and is a consultant for Microsoft, tells Andrea Seabrook that he stumbled upon the flaw while tinkering with a way to make the Internet faster.

"You want to talk sinking feelings," he says. "This was a bug that was going to take months and months and months of work."

Essentially, the DNS contains a design flaw that could enable hackers to switch the Web site you're directed to when you type a URL into your Web browser. Without your knowledge, you could be transferred to a fake Web site that tries to steal your personal information.

When Kaminsky discovered the problem, he called a secret meeting in March of some of the world's Internet giants — Microsoft, Cisco, Linux — in Redmond, Wash., to come up with a security patch.

Why the big need for secrecy? "We all had something to lose," he says.

To check whether your company or Internet service provider's DNS server has been patched, Kaminsky recommends taking these steps:

Run the DNS server check at DNS Stuff or at Kaminsky's blog.

If the server is vulnerable, Kaminsky suggests e-mailing your ISP or your company's IT department and encouraging them to apply a patch. Kaminsky also recommends switching your personal computer to use OpenDNS, a free network service. More information and instructions are available at opendns.com.

"The average consumer shouldn't have to worry about this," he says. "Right now, it's an open question whether the Internet that's being provided is the Internet that's actually what the customer expects."
