Slashdot Mirror


"DNS Forgery Pharming" Attack Against BIND 9

Monley writes "Help Net Security is running a story about a severe flaw in BIND's implementation that allows fraudsters to efficiently predict generated random numbers without the need to control the route between the user and the DNS server. (Here are HTML and PDF versions of the paper.) Using this vulnerability, fraudsters can remotely forge DNS responses and direct users to fraudulent websites, which can steal the user's sign-in credentials and do other mischief. The flaw was discovered by security researcher and Trusteer's CTO, Amit Klein." The ISC has released a patch to BIND 9.

3 of 105 comments

  1. Come again? by Angst Badger · Score: 4, Insightful

    Since when is a severe flaw in BIND's implementation news?

    --
    Proud member of the Weirdo-American community.
  2. Re:New by Charles Dodgeson · Score: 4, Interesting

    How long has BIND been using the same random number generator? I'm a little bit skeptical that Mr. Klein is the first person to consider the possibility of mimicking its behavior.

    If you read the PDF, you will see that a good history of this kind of attack (and previous responses to it) is detailed. Apparently there has been a history of research into this kind of attack, with various countermeasures. But the new attack (which seems like it would apply to almost all versions of BIND9) takes a different approach at "cracking" the PRNG which looks like it could be run against real-world servers.

    I don't pretend to understand everything (or even most things) in the PDF, but it looks like solid research to me.

    --
    Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
  3. Re:Jeezus freaking A Christ by eggnet · Score: 4, Insightful

    Probably because BIND has to be cross-platform. I'm sorry to break this to you, Matt, but some people use inferior operating systems without a good random number generation function. That doesn't prevent BIND from using superior OS-provided services for platforms that do have good random number generators. They decided not to do it, plain and simple.