DNS exploit code is in the wild

The urgency to patch clients and servers rises to a fever pitch as code to attack the Internet is released. Two Black Hat presenters had conflicted over the timing of the code release.

As of Wednesday, an exploit code allowing someone to attack the domain name system (DNS) was available in various places on the Internet.

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky's plea that a security flaw such as this be kept a secret. Flake then proceeded to lay out what he thought the flaw was. Turns out, he was right and laid the foundation for others to create and publicize an exploit.

On Thursday, Kaminsky will be a guest on the second Black Hat Webinar. This is the second of what is hoped to be a monthly series produced by the conference. Kaminsky will be joined by Jerry Dixon, former director of the Department of Homeland Security's cybersecurity division; Rich Mogull, founder of Securosis; and Joao Damas, a senior program manager at the Internet Systems Consortium. The Webinar begins at 1 p.m. PT.

To see if your connection to the Internet is vulnerable to DNS cache posioning, use this test on Kaminsky's site. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable.

Tags:
Security
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    Tech industry's high-flying 2014
    Uber's tumultuous ups and downs in 2014 (pictures)
    The best and worst quotes of 2014 (pictures)
    A roomy range from LG (pictures)
    This plain GE range has all of the essentials (pictures)
    Sony's 'Interview' heard 'round the world (pictures)