- Joined
- Apr 14, 2003
- Messages
- 1,136
- Reaction score
- 18
Hi I just read this on Google News:
One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.
Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."
The author of one widely used hacking tool said he expected to have an exploit by the end of the day Tuesday. In a telephone interview, HD Moore, author of the Metasploit penetration testing software, agreed with Aitel that the attack code was not going to be difficult to write.
The flaw, a variation on what's known as a cache poisoning attack, was announced on July 8 by IOActive researcher Dan Kaminsky, who planned to disclose full details of the bug during an Aug. 6 presentation at the Black Hat conference.
That plan was thwarted Monday, when someone at Matasano accidentally posted details of the flaw ahead of schedule. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet.
Full story link from PC World Magazine: http://www.pcworld.com/businesscenter/article/148784/with_dns_flaw_now_public_attack_code_imminent.html
Other takes on the issue:
Wired Magazine - http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html
Channel Web - http://www.crn.com/security/209400660
Earlier sory (before leak) - http://www.techworld.com/security/news/index.cfm?newsid=102110&pn=1
One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.
Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."
The author of one widely used hacking tool said he expected to have an exploit by the end of the day Tuesday. In a telephone interview, HD Moore, author of the Metasploit penetration testing software, agreed with Aitel that the attack code was not going to be difficult to write.
The flaw, a variation on what's known as a cache poisoning attack, was announced on July 8 by IOActive researcher Dan Kaminsky, who planned to disclose full details of the bug during an Aug. 6 presentation at the Black Hat conference.
That plan was thwarted Monday, when someone at Matasano accidentally posted details of the flaw ahead of schedule. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet.
Full story link from PC World Magazine: http://www.pcworld.com/businesscenter/article/148784/with_dns_flaw_now_public_attack_code_imminent.html
Other takes on the issue:
Wired Magazine - http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html
Channel Web - http://www.crn.com/security/209400660
Earlier sory (before leak) - http://www.techworld.com/security/news/index.cfm?newsid=102110&pn=1