When he discovered a vulnerability in Domain Name System servers about six months ago, IOActive security researcher Dan Kaminsky kept quiet and worked covertly with other security experts to come up with a patch. Kaminsky and his colleagues released the fruit of their labor two weeks ago, and they planned to wait "at least a month" before finally releasing details to the public. However, AFP reports that malicious hackers caught wind of the vulnerability first.
The leak is bad news, because it means some users may no longer be able to trust their Internet service providers to serve them the right sites. For instance, when a user types "www.bankofamerica.com" into his web browser, an unpatched DNS server on the other end of the line could forward him to a malicious phishing page. AFP says attackers may use a technique called cache poisoning to exploit the vulnerability and mis-configure DNS servers.
The news agency quotes Kaminsky as saying, "We are in a lot of trouble." He added, "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch." Concerned users can hit the security researcher's blog for a DNS checker web application that sees whether their DNS servers have the patch installed. Kaminsky's blog also details the vulnerability in layman's terms, for those interested.