Smokey's Security Weblog

veritas odium parit

DNS Exploit Means Quick Patches Are Critical: patch immediately!

IOActive’s Dan Kaminsky discovered a flaw in the Internet’s Domain Name System (DNS) software, and with the attack code leaked by developers of the Metasploit hacking toolkit, security experts are saying that everything that uses DNS — from desktop PCs to mainframes — needs to be patched immediately, or network security is at risk.

Researchers have released software that exploits the recently leaked flaw in the Internet’s Domain Name System (DNS) software. That may mean IT admins are in for a long weekend of implementing and testing the patch.
IOActive researcher Dan Kaminsky discovered the bug earlier this month. The attack code was released Wednesday by developers of the Metasploit hacking toolkit, headed by the infamous HD Moore.

By exploiting this vulnerability, an attacker can redirect an ISP’s users to a malicious phishing server every time they try to visit a legitimate Web site. The patches released through various vendors should protect from the threat, but it may be a rush for some.

Andrew Storms, director of security for nCircle: “everything that uses DNS needs to be patched; desktop PCs, servers, routers, switches, firewalls and mainframes, and every vendor [like] Cisco, Sun, Microsoft and Apple,” he said. “Basically, this patch impacts the entire network from soup to nuts.”

Source: NEWSFACTOR.com

Advertisements

July 27, 2008 - Posted by | Advisories, Alerts, Malware, News, Recommended External Security Related Links, Vulnerabilities | , , , , , , , , , ,

1 Comment »

  1. […] An Illustrated Guide to the Kaminsky DNS Vulnerability Some time i mentioned already the Kaminsky DNS Vulnerability, e.g. in my post DNS Exploit Means Quick Patches Are Critical: patch immediately! […]

    Pingback by An Illustrated Guide to the Kaminsky DNS Vulnerability « Smokey’s Security Weblog | August 8, 2008 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: