iTnews
  • Home
  • News
  • Technology
  • Security

Exploit emerges for DNS flaw

By Shaun Nichols
Jul 25 2008 2:36PM
Follow google news

Exploit code has surfaced for a much-touted Domain Name System flaw..


Researchers HD Moore and Druid have developed a module which is capable of exploiting the vulnerability. The module runs through Metasploit, a vulnerability-testing framework built by Moore.

The exploit code is the first to appear for the DNS cache-poisoning flaw first discovered by researcher Dan Kaminsky.

The release of the module comes just days after details of the flaw were disclosed by fellow researcher Halvar Flake.

Kaminsky said that he had found the flaw, but refrained from disclosing the details until vendors could issue a patch. He planned to unveil the details at next month's Blackhat conference.

Though the details of the vulnerability were not publically available, Kaminsky shared his research with a number of hardware and software vendors, prompting one of the largest mass-patch rollouts in history.

That policy may have helped avoid a major catastrophe, as most servers were protected even before details on the flaw were publically known.

Zulfikar Ramzan, technical director of Symantec's Security Technology and Response (STAR) team, told vnunet.com that the exploit code ads little danger to the situation at this point.

"My impression is that most of the major ISPs have already patched," said Ramzan.

"At this stage I don't know if it is going to affect end users."

Ramzan said that while there are a large number of server that have not been patched, many are poorly maintained servers and are likely to be open to older, more established attack methods anyways.

He also noted that though the module has the ability to exploit the flaw, it is far from a real-world attack by actual criminals.

However, administrators may not be out of the woods just yet. Ramzan said that a greater danger could come after Kaminsky posts the full details of the flaw and attackers get a better look at the nature of the vulnerability.

"There is a saying in the security community that attacks always get better, they never get worse," he explained.

"Someone might develop variations on the attack that are more potent in the future."

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
dnsemergesexploitflawforsecurity

Related Articles

  • Anthropic releases Mythos-class model for public use Anthropic releases Mythos-class model for public use
  • Apple bumps up security in fresh operating system releases Apple bumps up security in fresh operating system releases
  • Meta accuses NSO Group of violating court order by WhatsApp spear phishing Meta accuses NSO Group of violating court order by WhatsApp spear phishing
  • Researchers build self-replicating AI worm with BYO LLM Researchers build self-replicating AI worm with BYO LLM
Join our WhatsApp Channel

Partner Content

Agile isn’t the problem: why projects still fail, and what’s missing
Partner Content Agile isn’t the problem: why projects still fail, and what’s missing
The hidden economics of AI: Why token usage matters more than you think
Partner Content The hidden economics of AI: Why token usage matters more than you think
Why resilient communications are becoming critical infrastructure for modern enterprise IT
Promoted Content Why resilient communications are becoming critical infrastructure for modern enterprise IT
Scalable AI solutions: secure delivery
Scalable AI solutions: secure delivery

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

  • iTnews State of Security Breakfast iTnews State of Security Breakfast
  • iTnews State of Data & AI Breakfast iTnews State of Data & AI Breakfast
  • The 2026 iAwards The 2026 iAwards
  • Integrate 2026 Integrate 2026
  • Security Exhibition & Conference Security Exhibition & Conference
Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Researchers build self-replicating AI worm with BYO LLM

Researchers build self-replicating AI worm with BYO LLM
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.