What was once a vague threat of eavesdropping, if you didn’t encrypt your email, has reached over into areas where many of us, from consumers to tech providers (of security hardware, no less) once felt fairly safe.
August 4, 2008 (IDG News Service) Nearly a month after a critical flaw in the Internet’s Domain Name System was first reported, vendors of some of the most widely used firewall software packages are scrambling to fix a problem that can essentially undo portions of the patches that address this bug.
The DNS flaw affects server software made by many vendors, including Microsoft, Cisco Systems, and the Internet Systems Consortium.
Some firewall software undoes a source port randomization feature that was introduced in the DNS patches. While this change doesn’t completely negate the DNS patch, it could make it easier for attackers to pull off a cache-poisoning attack against the DNS server, security experts say.
This could lead to virtually undetectable phishing attacks against users of those DNS servers.
Full Article:
Security expert: DNS Attacks are Happening
http://news.cnet.com/8301-1009_3-10022303-83.html
Email – “Forgot your password? Send it to a hacker.”
http://www.cnn.com/2008/TECH/biztech/08/06/internet.security.ap/index.html
Finally,
what hackers are probing and leveraging…
http://topics.cnn.com/topics/hackers
…. when they’re not just trying to shut you down, wholesale…
http://nirlog.com/2006/03/28/dns-amplification-attack/
