DNS flaw exploitation danger growing
Slow patchers targeted by sophisticated attacks.
The serious vulnerability in the implementation of DNS systems has been targeted by malicious attacks, as security
watchers have been predicting since the flaw was first disclosed.
With many developers and service providers yet to implement patching regimes for the issue, those still leaving
their servers open for spoofing and redirection are beginning to see closely targeted and in some cases highly
evolved attacks aimed at hijacking traffic for profit.
After initial disclosure timed to coincide with the monthly Patch Tuesday set of security updates, example
exploit code was quickly made available, and Microsoft responded by issuing an advisory alert on July 25th,
describing exploitation as 'likely imminent' and urging admins to patch their systems immediately. Since then,
attacks in the wild have been confirmed.
One exploitation attempt was spotted by H.D. Moore of Metasploit, which includes example exploit code of
its own. The attack took advantage of US telecoms giant AT&T's slow response to the DNS issue to
redirect customers to spoofed Google pages pushing advertising. More on the story is in the Register here, with
full details on Moore's blog here.
Among others facing criticism for slow patching is Apple, which failed to respond urgently to the need to
update the BIND DNS system in use on its OSX Server platform. More details are here.
01 August 2008
Tags: dns, exploit, patch, vulnerability.