Major UK ISPs fail to patch exposed DNS vulnerability

Several of the UK's most prominent ISPs have failed to patch a critical Domain Name System (DNS) vulnerability in their networks, which was openly exposed for use by hackers earlier this week.

The Internet's DNS is responsible for translating Internet Protocol (IP) addresses into human-readable form (e.g. "" becomes "") and vice versa.

BT, Sky Broadband, The Carphone Warehouse (Opal Telecom, TalkTalk, AOL), T-Mobile, Orange and Griffin Internet were named in The Register's informal survey of ISP customers.

The flaw itself was first publicly disclosed at the start of this month (original news) by security expert Dan Kaminsky, although it had been discovered several months earlier.

Exact details of how to manipulate the flaw were supposed to be kept secret while a global security update was conducted. Unfortunately, the patch was swiftly reverse engineered (hardly surprising) and exploit code revealed.

Kaminsky had already set up a simple DNS Checker application on his blog, which allowed ordinary surfers to detect whether or not their ISP's DNS servers were patched. Sadly, the providers listed above failed this test, suggesting that their customers could now be extremely vulnerable to the exploit.

The vulnerability itself could allow hackers to redirect your browsing activity to fake webpages and thus make phishing attacks even easier. Typically it can take time for larger networks to deploy the update, although it's probably fair to say that time is something they no longer have the luxury of.
