What is DNS and why it is important for security on the web.
Last week a pretty big mishap slipped by with only the briefest mention in techy news circles. The Domain Registrar for Ireland was compromised, resulting in web traffic looking for the Yahoo and Google Irish websites being redirected to unofficial counterfeit websites. You’ll be forgiven if this doesn’t mean much to you, but suffice to say it could have been very, very serious. In this post I’ll explain what this means to the average web user…
What happened last week is that the company in charge of all domain records ending with .ie was somehow compromised, and the malicious meanies were able to change some of the records. They changed the records of Yahoo and Google so that if you typed in www.google.ie, instead of your web browser reaching a server owned by Google, it would reach a server controlled by the villainous vagabonds.
Fortunately in this instance the treacherous tearaways seem to have been quite inept and they didn’t maximise this opportunity. This time the website that was presented to people looking for google.ie or yahoo.ie looked nothing like either target, and there was no attempt to download malicious files. The compromise was quickly noticed and the people in charge put things back to normal.
If the fallacious fellows had put a little more effort into their trickery, the website they presented could have mimicked the real target website, the victims would not have immediately realised they were being scammed, and the malicious copycat website could have attempted to install something dodgy on their computers in the background. What’s more, if they did the same for mail.google.com or hotmail.com, you might inadvertently hand your credentials directly to the villainous vagabonds. If they had done the same for banking websites, then you can see how this could be really, really bad news.
Fortunately there is a second layer of security on the web, called SSL or HTTPS, which is intended to prove the authenticity of a website. Even though the deceptive dudes can intercept you browsing to www.mybank.com, they wouldn’t be able to present a valid SSL certificate that matches the domain name. Unfortunately many people still don’t pay any attention to SSL, so they would not notice if it was absent. Also, in recent months there have been several incidents where the SSL certificate authorities have been compromised and the reprehensible reprobates have been able to issue themselves certificates that would identify their websites as belonging to other, legitimate websites.
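To make the certificate check above concrete, here is an added example (not code from the original post) that models the two tests a browser applies after a hijacked DNS record has sent it to the wrong server: is the issuer trusted, and does the certificate name the site you asked for. The certificates are constructed samples, `counterfeit.example` is a made-up domain, and the `chain_ok` flag is a hypothetical stand-in for real signature-chain validation.

```python
# Added illustration (not from the original post): a simplified model of the
# two checks a browser makes before it shows the padlock.
# Certificates are constructed dicts shaped like ssl.SSLSocket.getpeercert()
# output; "chain_ok" is a hypothetical stand-in for real chain validation.

def name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and never a bare suffix like *.com
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def browser_accepts(cert: dict, hostname: str) -> tuple[bool, str]:
    """Return (accepted, reason) for the hostname the user typed."""
    if not cert.get("chain_ok"):
        return False, "untrusted issuer"
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(n, hostname) for n in names):
        return False, "name mismatch"
    return True, "ok"

# Constructed sample certificates for the scenarios the post describes.
GENUINE = {"chain_ok": True,
           "subjectAltName": (("DNS", "www.mybank.com"), ("DNS", "mybank.com"))}
# A valid certificate, but for the hijacker's own domain.
HIJACKER_OWN = {"chain_ok": True,
                "subjectAltName": (("DNS", "counterfeit.example"),)}
# Claims the bank's name, but is signed by nobody the browser trusts.
SELF_SIGNED = {"chain_ok": False,
               "subjectAltName": (("DNS", "www.mybank.com"),)}
# Issued by a compromised authority: both checks pass.
MISISSUED = {"chain_ok": True,
             "subjectAltName": (("DNS", "www.mybank.com"),)}

if __name__ == "__main__":
    for label, cert in [("genuine", GENUINE), ("hijacker's own", HIJACKER_OWN),
                        ("self-signed", SELF_SIGNED), ("mis-issued", MISISSUED)]:
        print(f"{label:15} -> {browser_accepts(cert, 'www.mybank.com')}")
```

The last case is the caveat from the paragraph above: when a certificate authority itself is compromised, the counterfeit site passes both checks, which is why mis-issued certificates have to be revoked rather than caught by the browser's name check.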