With details of the Domain Name System flaw discovered now public and attack code in the wild, security researcher Dan Kaminsky once again is urging IT administrators to patch promptly.
The bug can be exploited to poison DNS caches and re-direct Internet traffic to malicious sites. Kaminsky, director of penetration testing at IOActive, held a press conference roughly two weeks ago to discuss the flaw, which he uncovered earlier this year.Technical details were kept under wraps by vendors and a handful of others until recently, when hacker and Zynamics CEO Halvar Flake speculated about the details of the flaw, and Matasano Security confirmed it on a blog and provided additional information. The blog entry was quickly taken down. Other security researchers also speculated on the flaw as well, and over the past two days HD Moore, creator of the Metasploit penetration testing framework, and a hacker going by the name “I)ruid,” published attack code on security mailing lists and the Computer Academic Underground Web site.”It’s no longer (about) patching your network for -I don’t know,'” Kaminsky said during a Web cast July 24. “It’s patching your network for an exploit that’s going to destroy us.”Several vendors issued patches for the flaw earlier this month, including Microsoft and Cisco. A number of suggested workarounds have also been made public.If those using a vulnerability assessment tool Kaminsky put on his site are any indication, many IT administrators have already started the patching process. According to the researcher, the number of people his tool found to be vulnerable has dropped dramatically, from a high of 86 percent between roughly July 8 and July 13 to 52 percent more recently.
“Maybe that’s not perfect, but I’ll take 52 over 86 any day of the week, and twice on Sunday,” Kaminsky added.
