DNS exploit code is in the wild

The urgency to patch clients and servers rises to a fever pitch as code to attack the Internet is released. Two Black Hat presenters had conflicted over the timing of the code release.

As of Wednesday, an exploit code allowing someone to attack the domain name system (DNS) was available in various places on the Internet.

On July 8, IOActive researcher Dan Kaminsky disclosed a flaw in the DNS but would not provide the details until all the affected vendors had released patches and all the systems worldwide could be patched. He figured that it would take about 30 days for that to happen.

The 30-day mark just happened to coincide with his speaking engagement at Black Hat in Las Vegas on August 6.

But on Monday, fellow Black Hat presenter Halvar Flake attacked Kaminsky's plea that a security flaw such as this be kept a secret. Flake then proceeded to lay out what he thought the flaw was. Turns out, he was right and laid the foundation for others to create and publicize an exploit.

On Thursday, Kaminsky will be a guest on the second Black Hat Webinar. This is the second of what is hoped to be a monthly series produced by the conference. Kaminsky will be joined by Jerry Dixon, former director of the Department of Homeland Security's cybersecurity division; Rich Mogull, founder of Securosis; and Joao Damas, a senior program manager at the Internet Systems Consortium. The Webinar begins at 1 p.m. PT.

To see if your connection to the Internet is vulnerable to DNS cache posioning, use this test on Kaminsky's site. As of Monday, researcher Neal Krawetz was reporting that servers at several high-profile ISPs remained vulnerable.

Tags:
Security
About the author

    As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

     

    ARTICLE DISCUSSION

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    Saving your life at speed and in style

    Volvo have been responsible for some of the greatest advancements in car safety. We list off the top ways they've kept you safe today, even if you don't drive one.