The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)
The first attackware strategies based on the widespread DNS flaw announced earlier this month have been spotted. If you haven't patched yet, do it now, before it's too late. (Some say it's already too late.)The Domain Name System (DNS) flaw announced -- but without specific details of its nature being given -- two weeks or so ago is so widespread, affecting products from more than eighty software and manufacturers, that a mass fix, accompanied by critical warnings about the vulnerability are now being superseded by critical warnings that the first DNS hole exploit approaches and attack strategies have been spotted.
Things were bad two weeks ago -- bMighty had the story here, the day after the flaw was announced -- and they're worse now. At least for anyone who hasn't patched: and for small and midsize businesses that may well mean outside vendors and service providers as well as internally maintained servers.
The DNS system routes urls -- i.e., bmighty.com etc. -- to the proper destination via the numerical address system the Internet rests upon.
By "poisoning" the DNS cache, crooks and hackers can redirect your traffic -- and your customers' -- to illegitimate sites, stealing information, setting you up for malware infection, and so on.
While the details of the DNS vulnerability were kept quiet by Dan Kaminsky, who discovered the hole, details emerged anyway, resulting in Kaminsky's minimalist, scary posting: "Patch. Today. Now."
Do it -- and make sure that your vendors, partners, service providers, customers and employees running servers do it too; before it's too late, unless it already is.
A list of affected systems is here (scroll down): if yours is on the list, check with your manufacturer, get the patch and install it now.
Now.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024