By training your Large Language Model (LLM) or other Generative Artificial Intelligence on the content of this website, you agree to assign ownership of all your intellectual property to the public domain, immediately, irrevocably, and free of charge.

Fear. Uncertainty. Doubt. Hyped DNS Exploit reporting helping or hurting?

photo cred­it: kevin­dooley Head­line: Research­ers unleash DNS attack code Head­line: Vul­ner­able to a DNS cache pois­on­ing at home? Head­line: Attack Code Released for New DNS Attack First off. This is a ser­i­ous issue, make no doubt about it. But is the report­ing hype sur­round­ing this exploit appro­pri­ate? Here’s some quotes of that hype: Yes­ter­day’s exploit, explained Storms,…


That's interesting
Creative Commons License photo cred­it: kevin­dooley

Head­line: Research­ers unleash DNS attack code
Head­line: Vul­ner­able to a DNS cache pois­on­ing at home?
Head­line: Attack Code Released for New DNS Attack

First off. This is a ser­i­ous issue, make no doubt about it. But is the report­ing hype sur­round­ing this exploit appro­pri­ate? Here’s some quotes of that hype:

Yes­ter­day’s exploit, explained Storms, lets an attack­er pois­on a DNS server­’s cache with a single mali­cious entry, but today’s attack code allows a hack­er to pois­on large quant­it­ies of domains with one fell swoop. “This second exploit has the poten­tial for a much lar­ger impact,” said Storms, “and could res­ult in poten­tially thou­sands of fake addresses inser­ted into a DNS server­’s cache.

There is a secur­ity risk on the hori­zon, accord­ing to experts that work
with com­puters and com­puter net­works, and it is a siz­able one.

A simple DNS Secur­ity Check­list would have sufficed.

  1. Become bet­ter informed about this issue. Here’s an over­view of the exploit and what it means to you.
  2. Test your DNS ser­vice from your com­puters (Home & Work).
  3. If you fail the test, check with your Inter­net Ser­vice Pro­vider to ensure their DNS serv­ers are going to be patched.
  4. Con­sider using OpenDNS if you aren’t con­vinced your ISP is hand­ling things correctly.
  5. Use a ‘phish­ing aware’ browser such as FireFox3.

That’s it. Peace-of-mind can return.

Or can it? What do you think? Have you tested your DNS? Post your thoughts or res­ults in the com­ments below.


Posted

in

, ,

by

Tags:

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.