A Quarter Of DNS Servers Still Vulnerable

Maybe DNS should stand for Do Not Secure. Half a year after the announcement of of a Domain Name System flaw and about a quarter of the DNS servers that should have been patched haven't been.Six months, you'd think, is plenty of time to get the world's domain name servers patched against the cache poisoning vulnerability revealed and widely discussed, well, six months ago.

You'd think that more readily, of course, if you hadn't seen just this sort of lax, sloppy approach to patches taken before, both by businesses and consumers.

So probably we shouldn't be surprised that, according to new survey research undertaken by Infoblox and The Measurement Factory, 25 percent of the DNS servers that were vulnerable half a year ago still are.

While there's some noise being made about the 75 percent patch rate actually being better than expected,that's clearly a semi-silk purse at best. The sow's ear is the huge number of unpatched machines still out there, still vulnerable, operated by companies that, it seems safe to suppose, just don't care.

An Executive Summary of the Infoblox/Measurement Factory DNS findings is here.

Infoblox has a nice collection of technical information related to DNS Best Practices here.