When he discovered a vulnerability in Domain Name System servers about six months ago, IOActive security researcher Dan Kaminsky kept quiet and worked covertly with other security experts to come up with a patch. Kaminsky and his colleagues released the fruit of their labor two weeks ago, and they planned to wait "at least a month" before finally releasing details to the public. However, AFP reports that malicious hackers caught wind of the vulnerability first.
The leak is bad news, because it means some users may no longer be able to trust their Internet service providers to serve them the right sites. For instance, when a user types "www.bankofamerica.com" into his web browser, an unpatched DNS server on the other end of the line could forward him to a malicious phishing page. AFP says attackers may use a technique called cache poisoning to exploit the vulnerability and mis-configure DNS servers.
The news agency quotes Kaminsky as saying, "We are in a lot of trouble." He added, "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch." Concerned users can hit the security researcher's blog for a DNS checker web application that sees whether their DNS servers have the patch installed. Kaminsky's blog also details the vulnerability in layman's terms, for those interested.
|Aerocool's Project 7 P7-C1 Pro case reviewed||6|
|Google Project Tango is dead—long live ARCore||9|
|Thermaltake Sync box bridges RGB LED walled gardens||3|
|Intel tips off potential 960 GB and 1.5 TB Optane SSD 900Ps||8|
|Sapphire Nitro+ Radeon RX Vegas put a big chill on spicy-hot chips||22|
|Antec P110 Silent touts quiet looks and quiet operation||11|
|Updated LG Gram laptops put heavy-duty power into feathery bodies||19|
|Monkey Day Shortbread||14|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||6|