Saturday Jan 20

Posts Tagged ‘DNS Vulnerability’

Update on the DNS Vulnerability: 0-day
Last Updated on Thursday, 31 July 2008 09:55
Written by JJ
Tuesday, July 22nd, 2008

A quick update on the DNS vulnerability.Based on posts and Twitters last night from Dan and the snippits of information I gleaned from fellow Security Twits and bloggers… I think we are all aware that the DNS vulnerability is now out in the open.

The team that discovered the vulnerability was due to release details of the exploit at BlackHat (in 2 weeks). However, someone has reverse-engineered the vulnerability and released the details. The contents, or portions of the exploit were accidentally posted on a very prominent security blog yesterday then quickly removed. (Don’t ask, that’s a whole ‘nother story).

If your DNS server has not been patched, you are vulnerable now. More info on Dan’s (discoverer’s) site .  You’ll notice his 13 > 0 post... letting us know instead of 13 days you now have 0. 

If you haven’t patched your DNS server(s), please see my previous DNS vulnerability post, follow the links included for more information and instructions. Consider yourself now at risk.

# # #

Tags:   |  Posted under Industry Insider  |  Comments  Comments Off on Update on the DNS Vulnerability: 0-day
‘The’ DNS Issue of 2008
Last Updated on Thursday, 31 July 2008 09:22
Written by JJ
Thursday, July 10th, 2008

It’s been a day since the public announcement, so by now you’ve probably heard about the DNS issue. The bug was found earlier this year, but the discoverer (Dan Kaminsky) and team worked fervently with leaders of the technology industry to create patches for all platforms before the big announcement. And- kudos to them all for keeping zipped lips until the problem could be contained (despite all the heckling and harassing).

You can find out a little more right now– I’m including some links below for you to read more.

If you don’t know what DNS is or why you care, see the bottom of this post for a little background info.

As for the real deal on disclosure– you’ll have to wait for Black Hat in August. I’ll be there, along with other members of the Security Bloggers Network (a (non-exclusive but highly visible and well-respected) security bloggers channel for Black Hat and RSA). I’m sure you’ll see *plenty* of post-Black Hat blogs, tweets and podcasts recapping the story.

Hear the buzz…


What is a DNS Server? DNS are servers throughout the Internet (and inside networks) that resolve domain names (ie to the IP address of the hosting server. The idea is, if you can trick a DNS server, your request for may just take you to a malicious site where you’ll be immediately infected with a virus, malware or other undesirable creepy Internet-bred monster. They’ve found a bug that could be exploited to do just that.

What do we do? It’s not the end of the world. For now, know that almost all DNS servers need to have a patch installed to protect them from this vulnerability. It’s pretty universal and every manufacturer is on board and offering a patch as of yesterday, July 8th.

# # #

Tags: , ,   |  Posted under Industry Insider, Network Niblets  |  Comments  Comments Off on ‘The’ DNS Issue of 2008

More Content

Find more of my content at
- Low Tech Hacking book
- Dark Reading
- Network Computing
- SearchSecurity
- TechTarget

Get Social



Enter your email address:

Delivered by FeedBurner