DNS vulnerability detailed: and much worse than expected
by Stuart Corner   
Thursday, 07 August 2008
Dan Kaminsky, whose discovery of a way to exploit a known flaw in the domain name system three months ago precipitated a global scramble to patch affected software, has revealed full details, and the scope of the problem is much greater than first thought.

The details were revealed in a presentation yesterday by Kaminsky at the Black Hat conference in Las Vegas, following his earlier revelation of partial details of the vulnerability. Prior to his speech it had generally been believed that the vulnerability would allow an attacker to infect a domain name server only with an incorrect IP address for otherwise unsecured communications, such as standard web page lookups and email addressing. The earlier revealed details were summed up in this vulnerability note from US-CERT. However, Kaminsky has revealed that it makes supposedly secure protocols like IPSec and HTTPS, widely used for 'secure' transactions on the net, vulnerable.

The scope of the problem was neatly summed up by George Kurtz, senior vice president and general manager of McAfee's Risk and Compliance business unit, who told ChannelWeb: "When you hear about cache poisoning, most people think of attackers spoofing Websites, but when you go down the trail [Kaminsky] laid out, it's about taking over IPSec VPNs, SSL certification, all automatic updates for the software, Skype."

According to the Los Angeles Times report of Kaminsky's presentation, he has "fired the starting gun for a race between hackers who can now take advantage of the vulnerability and the big companies who have yet to patch their systems." And while many systems have been patched to make exploitation of the vulnerability much more difficult, there remain a significant number of unpatched systems.

Wired reported Kaminsky saying that more than 120 million broadband consumers were now protected by patched DNS servers, which amounts to about 42 percent of broadband internet users, and that 75 percent of Fortune 500 companies had also patched, while 15 percent had tried to patch but had run up against problems. Another 15 percent had done nothing to fix the hole, he said.

Small enterprises would likely rely on their ISP's servers but there must be many large enterprises outside the Fortune 500 which run their own servers and the percentage of patching would likely be lower than in the Fortune 500.

Meanwhile, it has been claimed that the patch issued by Apple for OS X 10.4 and 10.5 is a 'Clayton's fix' that makes only a token attempt to address the problem.

On Kaminsky's blog site, there is a facility which end users can use to see if their domain name server has been patched.
