Wednesday, July 23, 2008

DNS vulnerability uncovered?

It appears someone has rediscovered Dan Kaminsky's DNS vulnerability. Security researcher Halvar Flake, has posted a hypotheses of his findings on his blog. While this hasn't been confirmed to be the same issue, security researchers are saying it is indeed. we sure hope it is. Dan declined to confirm if it is the same vulnerability.

Matasano, one of the companies briefed about Dan's findings have leaked some information on their site, it was soon removed but is now mirrored on other sites for our reading pleasure. And according to Dave Aitel, chief technology officer at security vendor Immunity, hackers are almost certainly already developing attack code for the bug, and will most likely appear within the next few days.

Did anyone really expect this to be kept under wraps until Blackhat next month?

No comments: