Web-Based Support
Those of you who care probably caught the news about problems with the Internet’s Domain Name Servers [DNS]. EBW printed the official security alert, while Badtux provided the penguinized version.
This Tuesday all of the big guns issued patches for the problem, but things did not go smoothly for everyone, as the BBC reports: Net address fix foxes web users
Many users of the ZoneAlarm firewall have been floored by a fix to the net’s addressing system.
Those hit found they could not get online after installing a Microsoft patch to close a security loophole.
Left open the flaw would have allowed malicious hackers to redirect users to fake websites, even if they typed the correct address.
Many net hardware and software firms prepared and applied patches this week to close the serious hole.
The part I loved was when Microsoft said no one contacted them about a problem. Yeah, well, when you can’t get on the Internet it’s a bit difficult to send an e-mail or go to the support web site to report a problem.
ZoneAlarm has a patch to fix the problem, but if you have the problem you don’t know that because you can’t get on the ‘Net to find out, or to down load the patch. If you know someone who uses ZoneAlarm, you need to contact them by phone and tell them.
9 comments
FWIW, your DNS seems to be working better now.
A bit better overall, but it varies a lot during the day. I still can’t get anyone to admit they changed something, but the problem appeared out of nowhere which indicates that someone made a change.
The penguinized version. Heh. If you could have actually been sitting in my cubicle on Tuesday as I was reading that alert and contemplating putting out patches to critical Internet infrastructure for major multi-billion-dollar enterprises residing on three different continents with 8 different OS versions and god only knows how many different patch levels, “penguinized” would not be the word I would use to describe what my reaction was, unless “penguinized” means “contains lots of swear words”.
— Badtux the Penguinized Penguin
PS – especially since it appears that this is a three year old exploit, it’s just that the kid who discovered it couldn’t get anybody to do anything about it until Kaminsky “discovered” it and realized he could create an easy real-life exploit for it. So all this furor for something that could have been quietly fixed three years ago and deployed in a sensible manner. GRRRRRRRRrrrrr!!!!!
— Badtux the Penguinized Penguin
(for the definition of “penguinized” in my previous comment, heh).
The big guys got the word months ago, but the first line of defense isn’t told until the shells start landing.
I’ve been in those discussions: “Yes, it’s a weakness, but what would anyone do with it.” You can’t get their attention unless you can show them the exploit. You have to show them the hack before they admit there’s a problem.
The whole Y2K mess was caused by a lot of people refusing to take action until the last minute. I had all of my major programs tested and verified in 1998, but clients still called to ensure their software would work.
As you say, it should be fix it when you find it, so there’s no last minute rush.
When I was a consultant working with the mighty M$ some years ago, it was common knowledge that they had an unwritten policy of not acknowledging any problem until there are 250k official complaints. Note, I said *acknowledge*! Took a lot more before a fix would be attempted.
The others, are pretty much the same. And ZoneAlarm is owned by CA now. It wasn’t much good before anyway. They can make it worse. 😉
Actually, ZoneAlarm didn’t have a problem, per se, until M$ changed the rules. That ZoneAlarm could be patched so quickly indicates that it was a minor change that was obvious.
[…] posted earlier about the problem with Domain Name Servers [DNS] and the need to make some patches. EBW at Wampum has a post with a […]
Thanks for the post