One day after a security company accidentally posted details of a serious flaw in the Internet’s Domain Name System (DNS), hackers are saying that software exploiting the flaw is sure to appear soon. The flaw apparently allows attackers to misdirect Web surfers to fake Web sites in order to capture passwords and load malware onto their computers.
The flaw was discovered weeks ago by Dan Kaminsky, a security expert at IOActive, who has worked with industry-leading software developers investigating Internet vulnerabilities.
A flaw in the way DNS servers handle caching for incoming requests leaves them susceptible to malicious misdirection of Web traffic. If a DNS server does not have an IP address for a requested domain, it asks another DNS server for this information.
If the clueless DNS server’s cache is fooled by malicious information, the user requesting the domain of a legitimate site can be redirected to a spoofed IP address. For example, if a DNS server is fooled into directing legitimate traffic from www.yourbanksite.com to a rogue site, every user hitting the legitimate site would be redirected to the rogue site.
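The caching behaviour described above can be seen in a toy model. This is an added example, not code from the original article or from any DNS software. The class, the function names, the 300-second and 86400-second TTLs and the addresses (taken from documentation ranges) are all constructed assumptions. It shows that one bad cache entry is served to every user until it expires, and how comparing the cache against a trusted reference flags it.

```python
# Added illustration: toy model of a caching resolver (not real DNS code).
# All names and addresses are constructed; IPs come from documentation ranges.
import time

AUTHORITATIVE = {"www.yourbanksite.com": "192.0.2.10"}  # constructed "true" record


class CachingResolver:
    def __init__(self, upstream, clock=time.monotonic):
        self.upstream = upstream          # stands in for "another DNS server"
        self.clock = clock
        self.cache = {}                   # name -> (ip, expires_at)

    def accept_answer(self, name, ip, ttl):
        """Store an answer in the cache. A resolver that stores a forged
        answer here is the 'fooled' server described above."""
        self.cache[name] = (ip, self.clock() + ttl)

    def resolve(self, name):
        entry = self.cache.get(name)
        if entry and entry[1] > self.clock():
            return entry[0]               # cache hit: upstream is never asked
        ip = self.upstream[name]          # cache miss: ask the other server
        self.accept_answer(name, ip, ttl=300)
        return ip


def audit_cache(resolver, reference):
    """Defender check: list cached names whose address differs from a
    trusted reference (e.g. answers fetched over an independent path)."""
    now = resolver.clock()
    return sorted(
        name for name, (ip, exp) in resolver.cache.items()
        if exp > now and name in reference and reference[name] != ip
    )


def demo():
    t = [0.0]                             # controllable clock for the demo
    r = CachingResolver(AUTHORITATIVE, clock=lambda: t[0])
    clean = r.resolve("www.yourbanksite.com")
    # Constructed state: the cache now holds a bad record with a long TTL.
    r.accept_answer("www.yourbanksite.com", "203.0.113.66", ttl=86400)
    served = [r.resolve("www.yourbanksite.com") for _ in range(3)]  # 3 users
    flagged = audit_cache(r, AUTHORITATIVE)
    t[0] += 86401                         # TTL expires, entry is refetched
    recovered = r.resolve("www.yourbanksite.com")
    return clean, served, flagged, recovered
```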
In a Friday morning press conference, Kaminsky said that many of the patches released by various IT vendors and security firms reacting to his bug discovery (reported by CNet News.com) are at best temporary fixes to a more pervasive problem. Kaminsky added that he would be disclosing further findings at the Black Hat security conference in Las Vegas next month.
Source: Network Security