The need for email archiving
Without an effective system for archiving emails, organisations can find themselves unable to recover vital business records, leaving them open..
ZDNet UK / News and Analysis / Security / Security Management
First attacks on DNS flaws reported
Topics
NEWS
The first attacks that are likely to have stemmed from a serious Domain Name System flaw have been reported.
The existence of the Domain Name System (DNS) flaw, which could be used to redirect browsers to malicious sites, was revealed at the start of July by security researcher Dan Kaminsky. Multiple vendors, including Microsoft and Cisco, have already issued patches to counteract any attacks.
However, code that could act as a blueprint for an attack via the flaw was published on Wednesday by Metasploit, which provides penetration-testing tools. On Friday, a user named James Kosin posted an excerpt from a server log to a Fedora Linux mailing list, claiming it proved attacks based on the DNS flaw had begun.
"The DNS attacks are starting," read Kosin's post. "Below is a snippet of a logwatch from last night. Be sure all DNS servers are updated if at all possible. The spooks are out in full on this security vulnerability in force. This is your last warning... Patch or upgrade now!"
Approached via email to discuss his post, Kosin appeared to retreat from saying the activity he had observed was definitely an attack. "I can't prove or disprove any claim that it is an exploit of the flaw other than to say it started about a week ago," he told ZDNet.co.uk. "I'd already updated the server's DNS application, so I'm taking an educated stab in the peripheral internet here in saying it is a good possibility of being a possible exploit."
Carl Leonard, a threat research manager for the security company Websense, who reported Kosin's post, said his company had still not seen any attack reports in its own systems. However, he said Websense does "expect to" see such reports. "The exploit code is available and people still need to patch systems," he said. "It's kind of a waiting game at the moment."
The flaw in question is inherent to the DNS — the part of the internet's infrastructure that takes a human-readable web-address request and finds the corresponding numeric IP address. The nodes of the DNS are nameservers and, if one of those is left unpatched, the new attack code could fool the server into redirecting user requests to phishing sites or other malware-hosting sites.
Those who need to apply the patch are mostly internet service providers (ISPs) and companies that run their own nameservers. Users can check if their nameservers are vulnerable through a tool hosted on Kaminsky's blog.
Related stories
Post your comment
In order to post a comment you need to be registered and logged in
Log in or create your ZDNet UK account below
By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Community FAQ
ZDNet UK Live
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/bcjQtY
6 seconds ago on Twitter by nikeshoes998
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/9GWZRh
7 seconds ago on Twitter by mensapparel2010
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/bPLHL8
7 seconds ago on Twitter by womensapparel20
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/bVw3F2
8 seconds ago on Twitter by lisabarnes001
Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/cDUyaj
45 minutes ago on Twitter by KC616 free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
45 minutes ago on Twitter by KC616
Cyberwar defence plan is essential, says former CIA head: Michael Hayden, former head of the CIA and the National ... http://bit.ly/beLpKQ
1 hour ago on Twitter by SpyScroll
SAP leads businesses into augmented reality http://bit.ly/9eMWYp | #Droid #Android
1 hour ago on Twitter by Droid_News
free shipping wholesale products: We mainly supply top mirror quality brand name products, such as wholesale handb... http://bit.ly/cWcW1e
2 hours ago on Twitter by wholesalegurru
Cyberwar defence plan is essential, says former CIA head: Michael Hayden, former head of the CIA and the N... http://bit.ly/9sn6ax #pdln4nx
2 hours ago on Twitter by CNSInstructor
Oracle signs Solaris deals with HP and Dell http://bit.ly/9KVeqD
2 hours ago on Twitter by AllAboutFashion
SAP leads businesses into augmented reality http://bit.ly/9eMWYp | #Droid #Android
2 hours ago on Twitter by Droid_Phone TalkTalk to sell mobile services via Vodafone deal http://bit.ly/bLVfxI | #Droid #Android
2 hours ago on Twitter by Droid_Phone Oracle signs Solaris deals with HP and Dell: Find the answers in the Community FAQ free shipping wholesale product... http://bit.ly/cDUyaj
2 hours ago on Twitter by wholesalegurru free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/cWcW1e
2 hours ago on Twitter by wholesalegurru
DoJ joins whistleblower in Oracle fraud suit http://bit.ly/bMT3SJ
2 hours ago on Twitter by felixsprisci
Update: free shipping wholesale products - ZDNet UK (... http://www.actahandbags.com/trends/free-shipping-wholesale-products-zdnet-uk-blog/
2 hours ago on Twitter by actatrudy free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/bRvFgG
2 hours ago on Twitter by lisabarnes001 free shipping wholesale products: Read more »h handbags,NIKE shoes, jewelry, watches, and jacket and so on. We gua... http://bit.ly/9CXYG9
2 hours ago on Twitter by mensapparel2010Latest in Security Management
Featured white papers
Dell Data Storage Summary
This study was conducted in the United States amoung IT decision makers with involvement in data centre purchases at companies..
Datasheet: Infrastructure as a Service
'Infrastructure as a Service' gives enterprises the flexibility to subscribe to the compute power and storage they require today with 'pay..
Talkback
I think this tool is of questionable value. I have tried testing from work and from home, and get results that I am using name servers that are in no way related to the ones I have entered in my system configurations. I have checked with my ISP and with our DNS server admins at work, they have patched their systems. This tells me that the tool is somehow producing bad results.