UPDATE: After Dan Kaminsky’s Blackhat presentation, Steve Friedl posted the specifics of the bug in An Illustrated Guide to the Kaminsky DNS Vulnerability.

As we mentioned last month, security researcher Dan Kaminsky discovered a serious vulnerability in the Domain Name System (DNS) servers used by thousands of internet service providers (ISPs).

- The good news: In an unprecedented cooperative effort, Mr. Kaminsky led a team of engineers from many vendors who secretly worked together to create patches that fix the vulnerability. The patches were released simultaneously in early July 2008.

- The bad news: Since then, code that demonstrates how to take advantage of this vulnerability has been found “in the wild.”

- The really bad news: Many ISPs still haven’t patched their DNS servers.

What Does This Mean to Me?
If your ISP’s DNS is not patched, and they are attacked using this exploit, you may unknowingly be redirected to a phishing site. For example, you may think you’re browsing to www.MyBank.com, but actually your browser is redirected to a look-alike site. If you enter your user name and password, these could be stolen, and the bad folks who created the look-alike site could access your account and wreak havoc.

What Can I Do?
Windows – If you haven’t patched your Windows Server 2003, Windows 2000 or Windows XP computers (Vista is not affected), patch now.

Your ISP – You should know whether your ISP is vulnerable. Dan Kaminsky’s site, DoxPara.com, offers a free DNS checker. Click the “Check My DNS” button to test your ISP’s DNS. Mr. Kaminsky provides more detail here.

It’s also worth a few seconds of your time to test the “randomness” of the DNS you’re using. Browse to DNS-OARC for an explanation about this randomness, then click the “Test My DNS” button to get a “grade” of Great, Good or Poor.

Concerned about your ISP’s DNS? You could avoid using it by repointing your computers or router to security-minded OpenDNS.com instead. OpenDNS has specific configuration steps on their site.

Takeaway: This serious DNS vulnerability has become more serious since at least some of its specifics are freely available on the internet. Get prepared now by patching your Windows computers and checking your ISP’s DNS servers. Consider using OpenDNS if your ISP’s servers are not patched.

Mr. Kaminsky is scheduled to speak on August 6, 2008 at the Blackhat Conference. He previously said that he would announce the specific details of this vulnerability at the conference. Hopefully, his appearance (along with the exploit being “in the wild”) will motivate ISPs to protect their customers by patching their systems quickly.