Physicist hacks DNS patch

By

A Russian physicist has successfully hacked an emergency patch designed to fix a recently discovered DNS vulnerability.

Physicist hacks DNS patch
A Russian physicist has successfully hacked an emergency patch designed to fix a recently discovered DNS vulnerability.

Evgeniy Polyakov reportedly used two desktop computers and a high-speed network link to fool the patch into returning a spoofed address in just 10 hours.

According to Polyakov, a typical attack server generates approximately 40,000-50,000 fake replies before hitting on the right one. Polyakov also noted that if the port is matched "the probability of successful poisoning is more than 60 per cent".

Alarmed insecurity experts warned the patch could be exploited to redirect Internet traffic and collect user passwords.

The hacker appears to state on a Russian Blog, "DJBDNS does not suffer from this attack. It does. Everyone does. With some tweaks it can take longer than BIND, but overall problem is there."
Got a news tip for our journalists? Share it with us anonymously here.
theinquirer.net (c) 2010 Incisive Media
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?