
Eighty per cent of web servers could be exposed to hacker attacks after security experts discovered a series of vulnerabilities in internet domain name software.
By Sally Watson
Published: 30 January 2001 15:50 GMT
The problem, discovered by researchers at Network Associates' Covert labs in the US, could provide an easy route for malicious hackers to control website traffic, publish false information, spread viruses or launch denial of service (DoS) attacks.
The flaw was found in two of the most commonly used versions of Berkeley Internet Name Software, BIND 4 and BIND 8, which are used to run the majority of the world's internet domain name servers.
It is that prevalence which is causing concern. According to Tom Watson, internet security consultant at Defcom, the vulnerabilities could cause a huge problem. "This software is very widespread," he said, "and it sounds like it's very easy to exploit."
Network Associates and the CERT Coordination Centre at Carnegie Mellon University kept the vulnerability under wraps until a patch could be developed and made widely available.
"As a matter of routine users should upgrade and patch all their software," said Watson. "But something like BIND software is very easy to overlook, it's tucked away." According to Watson, users still don't have the right mindset. "It's not until someone attacks part of your system that you realise it's there," he said.
Petur Petursson, CEO of DNS software and consultancy firm Mice & Men, said this isn't the first time vulnerabilities have been discovered in BIND. "There is a really big need for security in DNS," he claimed.
Although standards groups are working on a secure DNS protocol, it will be another 12 months before it is complete. "In the meantime users need to be aware that there is no authentication - it's not secure," Petursson warned.
The news follows high-profile attacks on Microsoft's DNS servers last week, after it was discovered the software giant had a potentially weak system design.
A survey by Mice & Men revealed a quarter of Fortune 1000 firms have the same badly configured DNS software, leaving flaws and weaknesses for hackers to exploit. The consultancy claims the problem is even worse in new economy companies, with insecure DNS systems at over a third of 5,000 dot-coms tested.
The BIND flaws were found in lab conditions and so far there is no evidence they have been exploited in the wild.
You can find the BIND patch at:
http://www.isc.org
Copyright © 2008 CBS Interactive Limited. All rights reserved.