With IT taking on more roles in our finances, security is getting tighter and pushing the world’s best hackers into higher sophistication. If a virus on a single school computer is a small rash, then a DNS attack like those on presently is the HIV of the internet. According to Kaminsky 52% of DNS servers are still at risk.

A website doesn’t really have a name, facebook isn’t really at facebook.com, it’s really at  69.63.178.11, Zakomedia.com is at 79.170.40.33

These numbers (known as IP) make no sense to a human, could you imagine it printed on your business card? The domain name was born. If your house were a website, it’s longitudal and latitudal coordinates would be the IP address and the domain name would be your postal address.

So when you type ‘facebook.com’ into the address bar, your computer sends this request to your ISP’s DNS. (In my case, Virgin Media) Virgin’s DNS server has a list and checks facebook in this list to determine it’s IP. If it can’t find it, it forwards the request to the next nearest DNS and this can go on. Eventually they will come back with the correct IP and send you to the correct website.

The security flaw affects just over 1/2 of these DNS servers and would enable someone to add a false IP to a name. This means a request to ‘www.natwest.com’ could give a false IP reading and send you to another site made up to look like the original and ask you to log in with your bank details… www.natwest.com would still appear in the address bar and you would be none the wiser until every penny was drained from your account to an unnamed Swiss account holder.

The truth is that DNS owners have known about this problem for about 2 weeks and many have still done nothing about them! This puts us, the consumers at a serious risk! 52% of the world could be lead to the wrong banking site to input their details… that’s not a gamble I’m willing to take!

So without trying to scaremonger, there is a way of testing whether or not you are likely to be affected. Go to http://www.doxpara.com/ and use the ‘Check DNS’ button on the right. Ignore the messages below, but read the text which appears. It doesn’t say you ARE affected, it simply tells you if your local DNS is at risk or patched to avoid this threat. If it is at risk, avoid sending sensitive data online. (i.e. banks, logins etc.) Reading the news, weather, and checking mail with outlook or outlook express should be fine. You can resume normal activity when a new test confirms you are ok. If you’re DNS comes out with the message:

xx.xx.xx.xx has other protections above and beyond port randomization against the recently discovered DNS flaws. There is no reason to be concerned about the results seen below.

Then you can be happy and relax in the knowledge that your ISP (whether it’s BT, AOL, Virgin etc) has it’s customers in mind and is keeping you secure.

What would happen if your web designer disappeared tomorrow? or if someone managed to hack into your web site? Things have been known to go wrong, and if they go, it can make your life agony.

Why would anyone want to hack my web site?

Chances are they don’t, however your website is probably on a server or network which holds tens, hundreds, thousands or even hundreds of thousands of other websites. If any of those become a target, yours could be affected.

… to make your life easier in any eventuality, you only need to take a few steps…

There are four parts to your site: Domain name, Hosting, Website files, and Database (optional).

You need to make sure that you and/or your future designer can take over quickly with the minimum of hassle.

Website files – When your website is complete, either ask your current designer for the files on CD or have them zipped and emailed to you for backup. If you know how to FTP, get the ftp details so you can do it yourself at regular intervals if necessary. Or there is sometimes a ‘backup’ option if you can gain access to the control panel for your site.

Database – Not all sites, but most now have databases. These need to be accessed separately. If you have access to your control panel, the ‘backup’ option usually backs up the database with the files so you should be OK. If not, use a MySQL or SQL export to do so. (Get your designer to walk you through the steps)

Hosting – Is your site hosting with a major company or directly with the web designer? If the latter, this could disappear with them if things go wrong. It’s easily replaceable however so don’t worry about keeping hold of it.

Domain name – If your domain name is a .co.uk, goto nic.uk (or nic.com for .com/.net/.org) Make sure that your name is listed by the registrant details and not your designer. This means if worse comes to the worse, you have easy access to moving it with you, if it’s not. Ask your web designer if it can be changed. (If you’ve opted out, it may look blank although you will still be assigned to it)

If you make regular updates to the site, make sure you keep regular backups of both the site files and database. If you run an online shop, just the database should suffice. Just double-check with your designer for specific information.

Ultimately you should now have a CD of files and database, control panel login and password and/or ftp login and password. This means if things go wrong, everything can be restored relatively quickly.

If necessary, this disk and password can go to your current designer or a new one and you should be back up and running with the minimum amount of data loss.

Remember, insurance can replace your equipment but it can’t replace your data.