Gmail blocked through openDNS. Is ‘open’ safe?
The screenshot above was the first thing that I saw this morning when I tried logging on to Gmail. Quite possibly this can be considered a case of hacking. But then, maybe it is just not that complicated to do such a thing. How safe or secure is browsing?
Firstly, what is this openDNS?
OpenDNS is a DNS service that is very famous on the internet. DNS stands for Domain Name System. Basically, all web addresses on the internet are in the form of a dotted quad arrangement, i.e. 111.222.121.212 and so on. But obviously this is tough for us to remember, so we use easy-to-remember addresses like www.google.com and www.yahoo.com.
The work of the DNS is to translate these ‘english’ addresses to the dotted quad format so that it can use this address to find the location of the content server on the internet and serve you, the end user, pages from that source. Now there are many DNS servers on the internet and many provided by the ISPs themselves, but these are supposed to be very slow in resolving the addresses. Also, many DNS servers go down often and are very unreliable.
OpenDNS claims to bring a service that is secure, fast and reliable. Most of the highly trained or internet savvy users have configured their network connections so that they use OpenDNS instead of their regular DNS servers. Now in normal DNS servers, to bring about a name resolution conflict would be akin to hacking into the server since it is a private or closed DNS server. But, in the case of OpenDNS, as the name implies, it is ‘open’ to the community. I don’t know to what level it is open, but at least if they have used such a name then it is definitely more open than the other DNS servers. By open, the community can contribute to the service and importantly blacklist hacking/phishing and other malicious URLs and addresses. This is what I assume is the nature of ‘openness’ in this service. So, the one who did this mischief needn’t have ‘hacked’ into the server, he just had to go and change a DNS entry or blacklist gmail and hence put the thousands and millions of users of OpenDNS into trouble.
Now, this is just a small mischief. But, what I am wondering is, how will this impact the security of major websites? For example, I want to log into citibank to do some transactions. Now the name is resolved through DNS. Phishing sites are usually easy to spot, because they might have something like citiibank.com as their phishing site. If you observe carefully, it has two ‘i’s in citi. But if the underlying IP address is redirected to a phishing site, there is no way that one can determine if there has been fraud or not. For example, citibank.com (correct spelling) may direct to 1.1.2.2, but the DNS might have been hacked to direct it to 2.2.3.4, which is a malicious site that will store your card details and passwords. How will one come to know without installing tools and software that would probably validate by checking multiple DNS servers on the internet and check for consistency? Again, this only means that the overall name resolution time has got slower due to all this cross checking.
So, are open services really as secure as they say? It takes just one instant for someone in the community to go rogue and when that happens, catastrophe will befall.
As far as I am concerned, I think I will switch back to my ISP’s DNS server. I have lost faith in the OpenDNS service and I would rather that someone put more effort into misdirecting me than do it so easily.
UPDATE: All major sites are down. twitter.com, facebook.com and many more. The culprit in all these cases is one ‘Younus Saleem Saifullah’.
UPDATE: I changed my DNS service back to BSNL’s DNS and now I am able to open gmail, twitter, facebook and everything else. Bye Bye OpenDNS, may you rest in peace.
http://ntcanuck.com/
Try this small program as a substitute DNS server. Works like magic and can be configured exactly like BIND. Heck it is BIND!!
-joji
“I changed my DNS service back to BSNL’s DNS and now I am able to open gmail, twitter, facebook and everything else. Bye Bye OpenDNS, may you rest in peace.”
Same here, buddy!