Unless you frequent tech publications on the web, you’re probably not aware that a critical flaw in many DNS system implementations was found recently (DNS is what translates http://www.google.com into an IP address – learn more at Wikipedia). On July 7th, news of the design flaw that researcher Dan Kaminsky discovered started to spread. The next day, many vendors (including Microsoft, which hosted the press conference) participated in a coordinated release of patches. A few days ago the first exploit code started to appear, making it even more critical that DNS systems are patched soon.
As of today, many major ISPs are not patched and remain vulnerable. You can see if your ISP is vulnerable by visiting Kaminsky’s site and clicking the “Check My DNS” button on the right side.
Or, you can just switch your DNS servers to OpenDNS and be done with it. I came across OpenDNS on the day it launched two years ago, and have used them on some machines ever since. Turns out that OpenDNS is one of the few that were unaffected by this flaw:
I’m very proud to announce that we are one of the only DNS vendor / service providers that was not vulnerable when this issue was first discovered by Dan. During Dan’s testing he confirmed (and we later confirmed) that our DNS implementation is not susceptible to the attack that was discovered. In other words, if you used OpenDNS then you were already protected long before this attack was even discovered.
Switching your DNS settings to OpenDNS is really simple and takes about two minutes. To get started, just visit http://www.opendns.com/start and follow the instructions. Or if you know what you’re doing, then the nameservers you want are 184.108.40.206 and 220.127.116.11.
As always, make sure you have installed all of the latest patches for your computer (that would be Automatic Updates for Windows users).