ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Details of DNS Flaw Leaked; Exploit Expected by End of Today

  • To: <steve@xxxxxxxxxxxxxxxx>, <dave.piscitello@xxxxxxxxx>, <ga@xxxxxxxxxxxxxx>
  • Subject: [ga] Details of DNS Flaw Leaked; Exploit Expected by End of Today
  • From: "Prophet Partners Inc." <Domains@xxxxxxxxxxxxxxxxxxx>
  • Date: Wed, 23 Jul 2008 00:40:04 -0400

http://blog.wired.com/27bstroke6/2008/07/details-of-dns.html

"Despite Dan Kaminsky's efforts to keep a lid on the details of the critical 
DNS vulnerability he found, someone at the security firm Matasano leaked the 
information on its blog yesterday, then quickly pulled the post down. But not 
before others had grabbed the information and reposted it elsewhere, leading 
Kaminsky to post an urgent 0-day message on his blog reading, "Patch. Today. 
Now. Yes, stay late."
Hackers are furiously working on an exploit to attack the vulnerability. HD 
Moore, creator of the Metasploit tool, says one should be available by the end 
of the day.

Earlier this month, Kaminsky, a penetration tester with IOActive, went public 
with information about a serious and fundamental security vulnerability in the 
Domain Name System that would allow attackers to easily impersonate any website 
-- banking sites, Google, Gmail and other web mail websites -- to attack 
unsuspecting users."

If ICANN hasn't done so already, it would be wise to immediately notify all 
ICANN registries and registrars about the exploit and the urgency to implement 
the security patches.

Sincerely,
Ted
Prophet Partners Inc.
http://www.ProphetPartners.com
http://www.Premium-Domain-Names.com


<<< Chronological Index >>>    <<< Thread Index >>>