Internet Systems Consortium (ISC), the maintainer of BIND, advises that a critical vulnerability allows attackers to perform denial of service attacks by sending malformed dynamic update messages to DNS servers using the software. Administrators are urged to deploy patches for their operating system immediately, if available. BIND is the most widely used DNS server software and is distributed by default with the vast majority of Unix and Linux platforms. This latest DoS bug affects all versions of BIND 9, the latest major revision of the software, up to 9.4.3-P3, 9.5.1-P3 and 9.6.1-P1, which are not vulnerable. "Receipt of a specially cra...

A new type of attack launched from a single machine with limited hardware resources and bandwidth can cripple many of the web servers on the Internet today. Instead of flooding the server with more packets than it can handle, this new denial of service condition involves sending only a couple of hundred partial HTTP requests. This new DoS attack method has recently been documented by reputed web security researcher Robert "RSnake" Hansen. The researcher also released a proof-of-concept tool that is able to carry out such attacks. Dubbed Slowloris and coded in Perl, the script can be run from *NIX-based systems only, because Windows limits ...

According to the 2008 DNS Survey, commissioned by network services appliances vendor Infoblox, while some improvements are noticeable compared to 2007, millions of publicly available DNS servers still allow open recursion, which makes them vulnerable to DoS and cache poisoning attacks. The tests were carried out by the Test Measurement Factory, using two datasets. The first dataset contained over 90,000 randomly selected routed IP addresses, which amounted to about 5% of the total routed IPv4 space. The second dataset used one million domain names, randomly selected from a list of 182 million .com and .net domains submitted by ...

Dan Kaminsky is the IOActive specialist whose speech was the most anticipated at this year's Black Hat hacker conference held in Las Vegas. This happened because, one month ago, Kaminsky announced that he had discovered a DNS flaw that employed completely new methods to steal data and affect users' connections. When all those either too curious or too impatient attempted to find out what it was all about, including through hack attempts, Kaminsky asked for more time and vowed he would unveil everything at the Las Vegas conference. Yesterday, in a speech held in front of a very large audience, Kaminsky did indeed offer some details o...