DNS Cache Poisoning Vulnerability
One of the people I connected with in the course of my security work is Dan Kaminsky. Dan's a widely respected security researcher and I was really pleased when he joined IOActive as Director of Penetration Testing. Josh Pennell and the IOActive team are friends and some of the sharpest security minds in the business.
While DNS problems might not sound like they fit in the world of unified communications. Dan's latest find is a big enough issue that I think it's wroth sharing here.
My colleague Dan Sullivan describes it here on the Realtime Messaging and Web Security Community.
DNS Cache Poisoning Code Now Publicly AvailableIf you haven't already patched your DNS, go do so now.As predicted it didn't take long for exploit code to become available to the DNS vulnerability found by Dan Kaminsky.
Ryan Naraine and Nathan McFeters has details and analysis here with updates here.
The code is available for Metasploit making it readily available to anyone with the open source tool. It's hard to imagine anyone who hasn't patched not dropping everything else this morning to get this patched.
Technorati Tags: attack code, Dan Kaminsky, DNS poisoning, DNS vulnerability, Metasploit, patching
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine