When he discovered a vulnerability in Domain Name System servers about six months ago, IOActive security researcher Dan Kaminsky kept quiet and worked covertly with other security experts to come up with a patch. Kaminsky and his colleagues released the fruit of their labor two weeks ago, and they planned to wait "at least a month" before finally releasing details to the public. However, AFP reports that malicious hackers caught wind of the vulnerability first.
The leak is bad news, because it means some users may no longer be able to trust their Internet service providers to serve them the right sites. For instance, when a user types "www.bankofamerica.com" into his web browser, an unpatched DNS server on the other end of the line could forward him to a malicious phishing page. AFP says attackers may use a technique called cache poisoning to exploit the vulnerability and misconfigure DNS servers.
The news agency quotes Kaminsky as saying, "We are in a lot of trouble." He added, "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch." Concerned users can hit the security researcher's blog for a DNS checker web application that sees whether their DNS servers have the patch installed. Kaminsky's blog also details the vulnerability in layman's terms, for those interested.