Hackers Exploit Significant DNS Flaw

By Greg McNevin

July 28, 2008: A significant new threat to DNS, part of the fundamental infrastructure that directs traffic and makes the internet work, was discovered a few months ago, and while a patch to address the weakness is out, hackers have wasted no time deploying an exploit.

If exploited, the flaw enables a cyber criminal to basically hijack traffic and direct it wherever they desire, and in a manner transparent to the end user.

Discovered by security researcher Dan Kaminsky a few months ago, details of the exploit were supposed to be kept secret to enable a patch to be developed and distributed before hackers had time to exploit the vulnerability.

However, thanks to an accidental blog post from a Matasano Security employee, the details were exposed, leading to a malicious exploit being developed a mere four days later.

Those most at risk are service providers and other web hosts, 86 percent of whom were vulnerable to the flaw before the patch was released. Many have responded hastily to update their servers; however, despite the patch having been out for a fortnight, Kaminsky says that 52 percent of DNS servers are still vulnerable to the attack.

To check vulnerability or for more information on the exploit or patch, see Kaminsky’s website, www.doxpara.com.
