DNS vulnerability issue.....
I thought I would share this, since I know after my vacation I would deal with this at work. (Not to mention all the phishing, vishing, and spam filtering problems I had while I was away)
There was an article today at linux.com about a vulnerability in DNS servers:
Linux.com :: Patches coming today for DNS vulnerability
The researcher at IOActive has a website that has a DNS checker tool to see if the DNS servers you use are affected.
DoxPara Research
Here is a brief description:
Recently, a significant threat to DNS, the system that translates names you can remember (such as DoxPara Research) to numbers the Internet can route (66.240.226.139) was discovered, that would allow malicious people to impersonate almost any website on the Internet. Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers.
I usually use OpenDNS servers, for some reason when I did a check on my AT&T 2Wire router, it was using AT&T's DNS servers. I ran the test and they failed. I switched back over to OpenDNS and they passed.
This is being kept in my opinion hush hush, this obviously affects all different types of DNS servers, whether they are Microsoft, Linux, Unix, BSD or any other type.I do have a feeling it is very serious or critical.
Security updates did go out on Ubuntu Linux this evening, I'm sure Microsoft and others are not far behind.
I thought I would share this, since I know after my vacation I would deal with this at work. (Not to mention all the phishing, vishing, and spam filtering problems I had while I was away)
There was an article today at linux.com about a vulnerability in DNS servers:
Linux.com :: Patches coming today for DNS vulnerability
The researcher at IOActive has a website that has a DNS checker tool to see if the DNS servers you use are affected.
DoxPara Research
Here is a brief description:
Recently, a significant threat to DNS, the system that translates names you can remember (such as DoxPara Research) to numbers the Internet can route (66.240.226.139) was discovered, that would allow malicious people to impersonate almost any website on the Internet. Software companies across the industry have quietly collaborated to simultaneously release fixes for all affected name servers.
I usually use OpenDNS servers, for some reason when I did a check on my AT&T 2Wire router, it was using AT&T's DNS servers. I ran the test and they failed. I switched back over to OpenDNS and they passed.
This is being kept in my opinion hush hush, this obviously affects all different types of DNS servers, whether they are Microsoft, Linux, Unix, BSD or any other type.I do have a feeling it is very serious or critical.
Security updates did go out on Ubuntu Linux this evening, I'm sure Microsoft and others are not far behind.