<<<
Chronological Index
>>> <<<
Thread Index
>>>
[ga] Details of DNS Flaw Leaked; Exploit Expected by End of Today
- To: <steve@xxxxxxxxxxxxxxxx>, <dave.piscitello@xxxxxxxxx>, <ga@xxxxxxxxxxxxxx>
- Subject: [ga] Details of DNS Flaw Leaked; Exploit Expected by End of Today
- From: "Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>
- Date: Wed, 23 Jul 2008 00:40:04 -0400
http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html
"Despite Dan Kaminsky's efforts to keep a lid on the details of the critical
DNS vulnerability he found, someone at the security firm Matasano leaked the
information on its blog yesterday, then quickly pulled the post down. But not
before others had grabbed the information and reposted it elsewhere, leading
Kaminsky to post an urgent 0-day message on his blog reading, "Patch. Today.
Now. Yes, stay late."
Hackers are furiously working on an exploit to attack the vulnerability. HD
Moore, creator of the Metasploit tool, says one should be available by the end
of the day.
Earlier this month, Kaminsky, a penetration tester with IOActive, went public
with information about a serious and fundamental security vulnerability in the
Domain Name System that would allow attackers to easily impersonate any website
-- banking sites, Google, Gmail and other web mail websites -- to attack
unsuspecting users."
If ICANN hasn't done so already, it would be wise to immediately notify all
ICANN registries and registrars about the exploit and the urgency to implement
the security patches.
Sincerely,
Ted
Prophet Partners Inc.
http://www.ProphetPartners.com
http://www.Premium-Domain-Names.com
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|