# Attack code imminent for DNS flaw



## Jason (Jan 1, 2008)

One day after a security company accidentally posted details of a serious flaw in the Internet's Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.

Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. "It's not that hard," he said. "You're not looking at a DNA-cracking effort."

View: The full story @ InfoWorld


----------



## tomdkat (May 6, 2006)

Thanks for the link. I find the comment by _cmaurand_ in the comments section of the article to be interesting:



> Go get powerdns (www.powerdns.com) it'll read your bind config and zone files and it was patched for this exploit nearly 2 years ago. Then you can move the backend to mysql and be done with it. *This flaw was first pointed out 9 years ago by the author of the djbdns who publicized a patch for it, then*.


Peace...


----------



## Jason (Jan 1, 2008)

Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the Internet. The attack code was released Wednesday by developers of the Metasploit hacking toolkit.

Internet security experts warn that this code may give criminals a way to launch virtually undetectable phishing attacks against Internet users whose service providers have not installed the latest DNS server patches. Attackers could also use the code to silently redirect users to fake software update servers in order to install malicious software on their computers, said Zulfikar Ramizan, a technical director with security vendor Symantec. "What makes this whole thing really scary is that from an end-user perspective they may not notice anything," he said.

View: The full story @ InfoWorld


----------

