DNS Bug is Fixed to Patch the Internet
Makers of the software used to connect computers on the Internet collectively released software updates Tuesday to patch a serious bug in one of the Internet’s underlying protocols, the Domain Name System (DNS). The bug was discovered “by complete accident,” by Dan Kaminsky, a researcher with security vendor IOActive. Kaminsky, a former employee of Cisco Systems.
By sending certain types of queries to DNS servers, the attacker could then redirect victims away from a legitimate Web site — say, Bofa.com — to a malicious Web site without the victim realizing it. This type of attack, known as DNS cache poisoning, doesn’t affect only the Web. It could be used to redirect all Internet traffic to the hacker’s servers.
Although this flaw does affect some home routers and client DNS software, it is mostly an issue for corporate users and ISPs (Internet service providers) that run the DNS servers used by PCs to find their way around the Internet.
That massive bug-fix occurred Tuesday when several of the most widely used providers of DNS software released patches. Microsoft, Cisco, Red Hat, Sun Microsystems and the Internet Software Consortium, makers of the most widely used DNS server software, have all updated their software to address the bug.
Source: Robert McMillan, IDG News Service
Filed under Business News, Internet