Hackers have released software that exploits a recently disclosed flaw in the Domain Name System (DNS) software used to route messages between computers on the internet, reports PC World–making it imperative that school IT staff and others patch their DNS servers if they haven’t already. Internet security experts warn that this code could give criminals a way to launch virtually undetectable phishing attacks against internet users whose service providers have not installed the latest DNS server patches. Attackers also could use the code to silently redirect users to fake software update servers in order to install malicious software on their computers, said Zulfikar Ramizan, a technical director with security vendor Symantec. The bug was first disclosed by IOActive researcher Dan Kaminsky earlier this month, but technical details of the flaw were leaked onto the internet earlier this week. Kaminsky had worked for several months with major providers of DNS software, such as Microsoft, Cisco, and the Internet Systems Consortium (ISC), to develop a fix for the problem. Users of DNS servers have had since July 8 to patch the flaw, but many have not yet installed the fix on all DNS servers. (Note to readers: For more information on this flaw and where you can find patches for various systems, see this Vulnerability Note from CERT.)

Click here for the full story

About the Author:

eSchool News