Physicist hacks DNS patch

By

A Russian physicist has successfully hacked an emergency patch designed to fix a recently discovered DNS vulnerability.

Physicist hacks DNS patch
A Russian physicist has successfully hacked an emergency patch designed to fix a recently discovered DNS vulnerability.

Evgeniy Polyakov reportedly used two desktop computers and a high-speed network link to fool the patch into returning a spoofed address in just 10 hours.

According to Polyakov, a typical attack server generates approximately 40,000-50,000 fake replies before hitting on the right one. Polyakov also noted that if the port is matched "the probability of successful poisoning is more than 60 per cent".

Alarmed insecurity experts warned the patch could be exploited to redirect Internet traffic and collect user passwords.

The hacker appears to state on a Russian Blog, "DJBDNS does not suffer from this attack. It does. Everyone does. With some tweaks it can take longer than BIND, but overall problem is there."
Got a news tip for our journalists? Share it with us anonymously here.
theinquirer.net (c) 2010 Incisive Media
Tags:

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

The Northern Beaches Women's Shelter hones focus on tech-enabled abuse

Log In

  |  Forgot your password?