It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
(visit the link for the full news article)
Security researchers on Tuesday said they had discovered an enormous flaw that could let hackers steer most people using corporate computer networks to malicious websites of their own devising.
"This is about the integrity of the Web, this is about the integrity of e-mail," Kaminsky said. "It's more, but I can't talk about how much more."
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via certain cache poisoning techniques against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability."
Originally posted by Ian McLean
Looked into this a little more... wondering if this is a problem for client (end-user) machines or not. Eg, can the spoofing be individually targeted?
So, is this packet spoofing only applicable between different layers in the DNS hierarchy (server-to-server), or can it also be applied to individual client results (client-to-server)? Anyone know?
Regardless, just patching your local machine isn't enough.
Originally posted by astronomine
If this hole was found, what others are out there?
Originally posted by johnsky
Oh I guarantee there are at least tens of thousands of more security holes to be discovered, especially in windows based servers and software.
Luckily, the anti-virus and firewall companies usually find them first.
Funny how security companies stay in business because of the security issues with windows.