[ insider_reports_insider ]
Photobucket Hack Attributed To Critical DNS Flaw
David Utter
Staff Writer
2008-07-29
 Insider Reports RSS Feed
When photo sharing site Photobucket suffered an attack at the hands of Turkish hackers, it turns out they exploited the serious DNS vulnerability later detailed by security researcher Dan Kaminsky.
 | | Photobucket Hack Attributed To Critical DNS Flaw |  |
Exploit code isn't just in the wild now, following confirmation of how a critical DNS flaw can be hacked. Such code existed well before public attention accreted around the problem, which continues to pose a threat to unpatched DNS hardware.
Security vendor Trend Micro said the NDS problem took center stage for Photobucket in June. The company attributed the attack to NetDevilz, a Turkish group that bragged about their attention grab with the hack.
"Is there anyone who remembers us? We thought you forgot us and we decided to remind you again," they wrote, according to a rough translation of their message.
Trend Micro also noted the arrival of two add-ons to the Metasploit Project, which we cited last week. The security vendor said these BailiWicked assaults could result in an unprotected nameserver receiving an injection of host records, or replacement records for another nameserver.
A fix for the problem became available in early July, with the major vendors of DNS software urging adoption of the patch before details of the problem became public. However, not all systems requiring the patch have had it applied, a situation security pros have to address immediately with their nameservers.
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.
More insider_reports_insider Articles
Insider Reports RSS Feed
|
|
iEntry 10th Anniversary
RSS
Archive
