DNS and Web Security

What is DNS and why it is important for security on the web.

Last week a pretty big mishap slipped by with only the briefest mention in techy news circles. The Domain Registrar for Ireland was compromised, resulting in web traffic looking for the Yahoo and Google Irish websites being redirected to unofficial counterfeit websites. You’ll be forgiven if this doesn’t mean much to you, but suffice to say it could have been very, very serious. In this post I’ll explain what this means to the average web user…

First some technical background; feel free to skip this if you already know or don’t really care… Websites sit on computers around the world connected to the internet. Each computer has a unique numeric address known as an IP address. An IP address looks like this: 173.194.78.94, a set of four dot-separated numbers. We aren’t too good at remembering these long, seemingly random numbers and prefer to use meaningful addresses instead, typically built from recognisable and memorable words. DNS is the computer wizardry that matches a domain name with an IP address so your web browser knows where on the internet it can find the website that you’re looking for.

What happened last week is that the company in charge of all domain records ending with .ie was somehow compromised and the malicious meanies were able to change some of the records. They changed the records of Yahoo and Google so that if you typed in www.google.ie then, instead of your web browser reaching a server owned by Google, it would reach a server controlled by the villainous vagabonds.

Fortunately in this instance the treacherous tearaways seem to have been quite inept and they didn’t maximise this opportunity.  This time the website that was presented to people looking for google.ie or yahoo.ie looked nothing like either target, and there was no attempt to download malicious files. The compromise was quickly noticed and the people in charge put things back to normal.

If the fallacious fellows had put a little more effort into their trickery, the website they presented could have mimicked the real target website, the victims would not immediately realise they were being scammed, and the malicious copycat website could attempt to install something dodgy on your computer in the background. What’s more, if they did the same for mail.google.com or hotmail.com you might inadvertently give your credentials over directly to the villainous vagabonds. If they had done the same for banking websites then you can see how this could be really really bad news.

Fortunately there is a second layer of security on the web called SSL or HTTPS, which is intended to prove the authenticity of a website. Even though the deceptive dudes can capture you browsing to www.mybank.com, they wouldn’t be able to present a valid SSL certificate that matches the domain name. Unfortunately many people still don’t pay any attention to SSL, so they would not notice if it was absent. Also, in recent months there have been several incidents where the SSL authorities have been compromised and the reprehensible reprobates have been able to issue themselves with certificates that would identify their websites as belonging to other, legitimate websites.

So what can we do? Unfortunately not a lot. We have to wait for the people in charge of the internet to acknowledge the potential for damage and then do something about it. There are changes under way that will make it more difficult for things like this to happen, but these things take time. In the meantime the usual advice applies: pay attention to the details, and query anything that doesn’t look quite right. You can also pay more attention to news stories that you would otherwise have skipped over thinking “that’s geeky stuff, it doesn’t affect me” when evidently it very much does.
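For anyone who runs a website, a record change like the one described above shows up as DNS answers that no longer match what the owner published. The sketch below is an added example, not part of the original post: it compares observed answers against a baseline, and the domain names, address ranges, resolver labels and function names are all constructed for illustration.

```python
import ipaddress

# Constructed baseline (assumption): what the site owner expects DNS to return.
BASELINE = {
    "www.example.ie": {
        "A": ["203.0.113.0/24"],
        "NS": ["ns1.example.net", "ns2.example.net"],
    },
}

# Constructed observations, as if gathered from several public resolvers.
OBSERVATIONS = [
    ("resolver-a", "www.example.ie", "A", ["203.0.113.10"]),
    ("resolver-b", "www.example.ie", "A", ["198.51.100.7"]),
    ("resolver-b", "WWW.Example.IE.", "NS", ["ns1.rogue.test."]),
    ("resolver-c", "www.example.ie", "NS", ["NS2.example.net."]),
]

def _norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")

def check_answers(name, rtype, answers, baseline=BASELINE):
    """Return alert strings for answers that differ from the baseline."""
    expected = baseline.get(_norm(name), {}).get(rtype)
    if expected is None:
        return [f"{_norm(name)} {rtype}: no baseline recorded"]
    if not answers:
        return [f"{_norm(name)} {rtype}: empty answer"]
    alerts = []
    for value in answers:
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                alerts.append(f"{_norm(name)} A: malformed address {value!r}")
                continue
            ok = any(addr in ipaddress.ip_network(net) for net in expected)
        else:  # NS and other name-valued records
            ok = _norm(value) in {_norm(e) for e in expected}
        if not ok:
            alerts.append(f"{_norm(name)} {rtype}: unexpected value {_norm(value)}")
    return alerts

def scan(observations=OBSERVATIONS):
    """Check every observation; return (resolver, alert) pairs."""
    return [(src, a) for src, n, t, ans in observations
            for a in check_answers(n, t, ans)]
```

Checking from several resolvers matters because a changed record can be cached in some places and not others, so a single vantage point may still see the old, correct answer.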

Thanks to jscreationzs and FreeDigitalPhotos.net for the images.