<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] Massive, Coordinated Patch To the DNS Released
- To: ga@xxxxxxxxxxxxxx
- Subject: [ga] Massive, Coordinated Patch To the DNS Released
- From: George Kirikos <gkirikos@xxxxxxxxx>
- Date: Tue, 8 Jul 2008 13:02:22 -0700 (PDT)
Hello,
As reported on Slashdot:
http://it.slashdot.org/article.pl?sid=08/07/08/195225
"Early this year, researcher Dan Kaminsky discovered a basic flaw in
the DNS that could allow attackers easily to compromise any name
server;"
http://securosis.com/publications/DNS-Executive-Overview.pdf
"This is the largest synchronized security update in the history of the
Internet, and is the result of hard work and dedication across dozens
of organizations."
"Using this issue, an attacker could easily take over portions of the
Internet and redirect users to arbitrary, and malicious, locations. For
example, an attacker could target an Internet Service Provider (ISP),
replacing the entire web -- all search engines, social networks, banks,
and other sites -- with their own malicious content."
This is exactly why registry operators should NEVER be judge, jury and
executioners when it comes to alleged domain abuse, as they could
inflict damage upon innocent victims. Read the advisory --- ANY name
server (and thus all the domains on that nameserver) could have been
compromised.
Sincerely,
George Kirikos
http://www.kirikos.com/
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|