Wednesday, 12 August 2015

Researcher Warns Of DNS Vulnerability In Windows 10

The way Windows handles 10 with DNS requests causes the ISP or the provider of a Wi-Fi network can see what websites are being visited, although there is a VPN (Virtual Private Network) use. Before that warns a Russian researcher.

Windows 10 sends DNS requests to all available network interfaces. These requests are used for example in order to find the location of a web site. The functionality to send the requests to all interfaces are already present in Windows since Windows 8. According to the researcher using the alias "ValdikSS" Microsoft has probably done to accelerate the process, such as a DNS server is unreachable. In this case the answer of a second DNS server is used. However, this ensures that all leaks DNS requests via the network interface, allowing the ISP or provider of the Wi-Fi network can monitor all websites visited.

In the case of Windows 8, the feature that makes this be disabled via the Windows Registry. Even sent Windows 8 and 8.1 all DNS requests through the public interface, DNS spoofing would when using a VPN, however, are tricky. In DNS spoofing is the wrong response to the DNS request from the user data, so for example, will be redirected to a malicious website. In the case of Windows 8 and 8.1 would be the spoofed DNS request will be accepted only if the primary DNS server, which goes through an encrypted VPN connection does not answer.

Windows 10

Windows 10 has changed this, the researcher says. Not only does Windows 10 sends DNS requests to all interfaces, then using the fastest answer arrives. This allows the ISP or provider of the Wi-Fi network can DNS "very straightforward and trustworthy" hijack, warns the researcher. In addition, the option in Windows 10, which for this purpose ensures not to switch off via the Windows Registry. The only solution, according to the researcher is not completely reliable, is to set the DNS servers on the network interface.

No comments:

Post a Comment