In the last few weeks, a significant flaw in the way traffic is directed on the internet has been uncovered. While ISPs and network administrators are scrambling to fix the problem, there is still a risk for the average internet user.

A Quick Technical Lesson

Internet domains (i.e. "pixalt.com") are masks of what is called an "IP address", which is basically a phone number for websites. When you type a website into your web browser, your computer or router must lookup the IP address of that site from a DNS server. Your internet provider (Verizon, Timer Warner, etc) usually handles this for you.

The Problem

A flaw has been found in the way these DNS lookups occur. This flaw could let a malicious attacker manipulate a DNS lookup and redirect you to a different IP address, which would then lead you to a different website than the one you requested. The website at that address would probably look similar to the intended site, but would collect your financial or personal information.

Are You Vulnerable?

This is a problem that your ISP will eventually fix, and many are doing so as I write this. The current estimate is that about 50% of the servers in the world have this problem. To check if you're vulnerable, use the "Test My DNS" button on this page:

https://www.dns-oarc.net/oarc/services/dnsentropy

The Solution

If you are vulnerable, you need to set your computer to use a DNS server that is known to have fixed this flaw. If you have a home network, you can usually change your router's settings and protect every computer you have. A good choice for this is a service called OpenDNS, which is free and also offers features like adult content filtering. Go to http://www.opendns.com for step-by-step instructions.

You can also learn more about OpenDNS from this article on CNET: http://news.cnet.com/8301-13554_3-9834579-33.html

More Information

For more information, see the following articles:

http://www.nytimes.com/2008/07/30/technology/30flaw.html
http://news.cnet.com/8301-13554_3-10002392-33.html?tag=bl