Despite Dan Kaminsky's efforts to cover up details of the critical DNS vulnerability he found, an employee of matasano security company leaked the information on his blog, although the article was immediately deleted, but someone has obtained the information and posted it elsewhere. Kaminsky
He posted an emergency message on his blog. Patch it quickly. Don't go to bed.
Opendns...
HD Moore, the author of metasploit, said hackers are stepping up their efforts to create attack tools. Today, attacks may occur later. Early this month, the ioactive Kaminsky
Published DNS
A very serious system vulnerability that allows attackers to easily forge any website, bank website, Google, Gmail, and other web mail websites.
Kaminsky discovered this vulnerability when working with multiple DNS vendors to develop security patches. Kaminsky announced at a press conference that the DNS was jointly developed by multiple vendors.
Patch, and appeal to DNS server owners to immediately update their systems.
However, when Kaminsky announced the vulnerability, he did not disclose the technical details so that the DNS system administrator could know the severity of the vulnerability. Kaminsky promised that the vulnerability would be implemented in Las next month.
At the Vegas Black Hat Security Conference, the vulnerability details were revealed. Before that, he reserved a month for the DNS system administrator to upgrade the system. Kaminsky
At the same time, they begged security experts not to try to guess the details of the vulnerability, but many people regard his pleading as a challenge.
German security expert Halvar
Flake first published vulnerability details. Kaminsky was asked to publish details in private to help system administrators upgrade the system. At the same time, some system administrators and security experts criticized
Kaminsky is hyping over the well-known DNS vulnerabilities of the past.
Matasano's founder, Thomas ptacek, once questioned the discovery of Kaminsky. However, when Kaminsky
After disclosing the details of the vulnerability to him in private, he will not speak out. Ptacek did not participate in the publication of vulnerability details, but as the founder of matasano, he still issued a statement to apologize for the incident.
The DNS vulnerability discovered by Kaminsky allows hackers to initiate a "Cache Poison attack" within 10 seconds, enabling the DNS server to direct users to malicious websites. Kaminsky
Said that this is a very serious bug that will affect any website. Kaminsky does not want to tell matasano how exactly the details are leaked, but calls on people to immediately upgrade DNS
System.
International Source: http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html
Source: comsharp CMS official website