Thursday, July 24, 2008

DNS vulnerabilities and impact on the study

Recently, there have been reports of serious vulnerabilities in the Domain Name Service software. Domain Name Service translates hostnames (e.g., www.chase.com) to its Internet Address (e.g., 159.53.60.105).

CERT has issued an advisory on this and asked everyone to patch their servers. 


Vulnerabilities such as this could theoretically allow even remote attackers to misdirect customers to spoofed pages of their banks, especially if banks do not rely on SSL for all their content. 

I would urge all banks to switch entirely to SSL for *all* the content as soon as possible. 

Most users do not type "https" prior to the URL. To handle such cases, the home page should immediately be redirected to a secured page. See www.fidelity.com, www.bankofamerica.com, www.wellsfargo.com for examples of that redirection.

With the correct use of SSL by banks, customers must also be careful.  A careless customer can continue to be vulnerable if he/she does not pay attention to the hostname in the URL and the use of https prefix, or ignores certificate warnings from their browser. If banks consistently use SSL, careful customers should check the URL to make sure it starts with https://xyz.your-bank-domain.com/... and  should not ignore warnings from their browser.

1 comment:

danielcraddock2 said...

I agree with you banks need to be cautious with this redirecting problem. I think 90 percent of people never type "HTTP" before domain name, so it could be trouble for all.
Gold prices