Back in 2008, Domain Name System (DNS)[1] server cache poisoning was a big deal[2]. By redirecting the results from DNS with misleading Internet Protocol (IP) addresses, hackers could redirect your web browser from the safe site you wanted to a fake one loaded with malware. Fixes were discovered and DNS cache poisoning attacks became rare. Now, thanks to a discovery by University of California at Riverside[3] researchers, a new way has been found to exploit vulnerable DNS caches: Sad DNS[4].
Here's how it works: First, DNS is the internet's master address list. With it, instead of writing out an IPv4 address like "173.245.48.1" or an IPv6 address such as "2400:cb00:2048:1::c629:d7a2," one of Cloudflare[5]'s many addresses, you simply type in "http://www.cloudflare.com[6]". DNS finds the right IP address for you, and you're on your way.
With DNS cache poisoning, however, your DNS requests are intercepted and redirected to a poisoned DNS cache. This rogue cache gives your web browser or other internet application a malicious IP address. Instead of going to where you want to go, you're sent to a fake site. That forged website can then upload ransomware to your PC or grab your user name, password, and account numbers. In a word: Ouch!
Modern defense measures -- such as randomizing both the DNS query ID and the DNS request source port, DNS-based Authentication of Named Entities (DANE)[7], and Domain Name System Security Extensions (DNSSEC)[8] -- largely stopped DNS cache poisoning. These DNS security methods, however, have never been deployed widely enough[9], so DNS-based attacks still happen.
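The resolver-side check that query ID and source port randomization relies on, as an added example that is not from the original article: a reply is accepted only if it echoes the random ID, arrives on the random port, comes from the server that was asked, and repeats the question. The function names, the 1024-65535 port range and the 192.0.2.53 server address are assumptions made for illustration.

```python
import secrets
import struct

PORT_MIN, PORT_MAX = 1024, 65535                 # assumed ephemeral port range
GUESS_SPACE = 2**16 * (PORT_MAX - PORT_MIN + 1)  # query IDs x source ports

def encode_qname(name):
    """Encode a host name as length-prefixed DNS labels, zero-terminated."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def new_query(name, server, qtype=1):
    """Build a query with an unpredictable ID and source port; return (pending, packet)."""
    txid = secrets.randbits(16)
    sport = PORT_MIN + secrets.randbelow(PORT_MAX - PORT_MIN + 1)
    question = encode_qname(name) + struct.pack("!HH", qtype, 1)          # class IN
    packet = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + question  # RD=1
    pending = {"txid": txid, "sport": sport, "server": server, "question": question}
    return pending, packet

def accept_response(pending, packet, src, dst_port):
    """Accept a reply only if every value an off-path sender must guess matches."""
    if len(packet) < 12:
        return False
    txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    q = pending["question"]
    return (bool(flags & 0x8000)              # QR bit: it is a response
            and src == pending["server"]      # from the server that was asked
            and dst_port == pending["sport"]  # arrived on the random source port
            and txid == pending["txid"]       # echoes the random query ID
            and qdcount == 1
            and packet[12:12 + len(q)] == q)  # question echoed byte for byte

def reply_for(query, txid):
    """Constructed sample data: an empty reply to `query` carrying `txid`."""
    return struct.pack("!HH", txid, 0x8180) + query[4:]

if __name__ == "__main__":
    server = ("192.0.2.53", 53)               # constructed address (TEST-NET-1)
    pending, pkt = new_query("www.example.com", server)
    txid, sport = pending["txid"], pending["sport"]
    print("genuine reply:", accept_response(pending, reply_for(pkt, txid), server, sport))
    print("wrong ID     :", accept_response(pending, reply_for(pkt, txid ^ 1), server, sport))
    print("wrong port   :", accept_response(pending, reply_for(pkt, txid), server, sport ^ 1))
    print("combinations :", GUESS_SPACE)
```

With the port fixed, only the 16-bit ID stands between a forged reply and the cache; randomizing both raises the number of combinations to roughly 2^32.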
Now, though, researchers have found a side-channel attack that can be successfully used against the most popular