Dan Kaminsky to cover DNS he found serious vulnerabilities, a Matasano security company employees or on his blog leaked this information, although the article be deleted immediately, but someone has to get these data, and published elsewhere. Kaminsky posted an urgent message on his blog, quickly patched, don’t sleep, use OpenDNS…
HD Moore, Metasploit author, said hackers are stepping up the production of attack tools, today’s attacks will occur later. Earlier this month, IOActive Kaminsky announced a serious flaw in the DNS system, the vulnerability will cause the attacker to easily forge any website, the bank website, Google, Gmail and other Web mail website.
Kaminsky is in the same multi DNS system developers to develop a security patch when the vulnerability found. Kaminsky at the press conference announced the DNS patch developed by a number of vendors, and called on DNS server owners to immediately update their system.
Kaminsky announced this loophole, did not disclose the related technical details, so that the DNS system administrator knows its severity, Kaminsky promises to disclose the details of the vulnerability in the Las Vegas black hat security conference next month, before this, he gave DNS the system administrator has reserved a month’s time to upgrade the system. Kaminsky also appealed to security experts not to try to speculate on the details of the vulnerability, but many people regard his plea as a challenge.
security expert Halvar Flake first published the details of the vulnerability, Kaminsky had been asked privately published details, help the system administrator to upgrade the system, at the same time, some system administrators and security experts accused the Kaminsky of being with those in the past the hype as everyone knows DNS vulnerabilities.
Matasano founder Thomas Ptacek has also questioned the discovery of Kaminsky, but when Kaminsky privately revealed to him after the details of the leak will no longer sound. Ptacek did not participate in the details of the release of the vulnerability, but as the founder of Matasano, he still issued a statement to apologize for this incident.
Kaminsky found that the DNS vulnerability will allow hackers to launch a cache poison attack within 10 seconds, so that the DNS server will guide users to malicious sites. Kaminsky says that this is