ANTenna Blog -- Security

The show of patch-unity displayed by many of the industry's major players in addressing a domain name sever flaw is gratifying -- and annoying too. Nice to see them working together. Nicer if we knew more about the problem they're working to fix.

The coming together of Cisco, Microsoft and more than a dozen others to coordinate and deploy a unified front of DNS server fixes was in response to a server vulnerability described in this brief from CERT (Computer Emergency Readiness Team).

The vulnerability can be exploited by cache poisoning which, in very basic terms, lets the exploiter redirect traffic from legit Web sites to their illegit ones.

(There's a good technical explanation here, from Informationweek's Mike Fratto.)

The size of the problem -- and the implications of that size -- are made clear both in the essentially unprecedented unity of industry response, but also in the caution (or caginess) of public statements about the vulnerability itself.

That reticence (to be kind) will be debated, discussed and blogged for awhile -- how much right do those who use the Internet have when it comes to understanding just how deeply flawed the Net's underlying organizational structure may be?

Add your two cents' worth to that debate here, there or anywhere -- the important thing right now is to get a handle on your own business's relationship to the (DNS) domain name server problem and its fixes.

If your business is running DNS servers then you and your technical team should already be on top of the situation: check with your server manufacturer for a patch and put it to work.

If, like many small and midsize businesses, you're not running your own servers, make a quick inquiry to your service provider to make sure that they have patched theirs.

As I blogged yesterday, the more you know about how your service -- and server! -- providers work and the care they take in their work, the better protected your business will be.

The bMighty Server How-To Center is here.