DNS Flaw Details Emerge
David Utter Staff Writer
2008-07-22
Security pros have been urged to patch vulnerable DNS systems if they have not done so already.
A post by Halvar Flake regarding the critical but undisclosed DNS flaw being quietly patched apparently hit the mark.
Flake's hypothesis received a quickly-retracted confirmation from a security firm that had been briefed on the vulnerability. "We confirmed the severity of the problem then and, by inadvertently verifying another researcher's results today, reconfirm it today," Thomas Ptacek at Matasano Security said in an apologetic post.
Spoofing referrals to a nameserver could ultimately yield a way to bring legitimate DNS requests to a malicious system, according to Flake. Once the attacker manages to poison a DNS cache, people could be redirected from a legitimate destination to a bogus one.
"Patch. Today. Now. Yes, stay late," Dan Kaminsky, the DNS researcher who discovered the flaw and reported it to security vendors, said on his blog today.
The issue of whether or not this flaw was publicly disclosed inappropriately appears moot. A security advisory from earlier in July confirmed the existence of a problem with randomization of transaction IDs (TXID). Flake mentioned TXID as well, making it likely this flaw has been known for weeks already.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.