- Joined
- Jun 26, 2007
- Messages
- 26,190
- Reaction score
- 6
- Points
- 38
- Age
- 62
A DNS flaw involving the way in which someone could effectively re-route a request for a webpage to a malware 'trap' site was spotted by IOActive's Dan Kaminsky - who took the problem to major players like Microsoft, Sun and Cisco.
The companies collaborated on a solution and the latest software updates should patch the problem, according to the US Computer Emergency Readiness Team.
Cache poisoning
"An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services," CERT said.
"Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control."
Kaminsky told AFPthat the problem was on a scale not seen in the past.
"People should be concerned but they should not be panicking," Kaminsky said. "We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before."
More...