First Cyber Security warns of poisoned DNS caching issue

“The problem”, says David Holman, the firm’s director, “came to prominence in July when CERT [the Computer Emergency Response Team] issued an advisory, noting that it can fool users into inadvertently giving away personal details on the Internet and can also trigger malware infections and email problems.” With DNS cache poisoning, DNS lookup tables are corrupted and the numeric IP addresses of fake web pages are inserted in place of the real addresses. Then, when a user types in a correct URL, they are routed to the false page. “From then on, any details they enter, such as usernames and passwords, can be captured by third parties and used as part of Internet fraud, including identity theft,” observes Holman. He advises that solving the problem is not going to be easy for the IT security industry, because conventional systems and software find it difficult to protect against – adding that his company provides independent web site validation designed specifically to protect against this threat.