DNS Bug: Critical Internet Security Flaw

A Critical Security Flaw Affects Nearly the Entire Internet

The DNS bug is so widespread that it could take years to patch.

Steve Dent | February 22, 2016

An eight-year-old bug in the Internet's Domain Name System (DNS) could be used to widely spread malware, according to security researcher Dan Kaminsky. He says a flaw found in the Gnu C standard library, aka "glibc," can trick browsers into looking up shady domain names. Servers could then reply with overly-long DNS names, causing a buffer overflow in the victim's software. That would in turn let hackers execute code remotely and possibly take over a machine. While the hole has already been patched, Kaminksy said "the buggy code has been around for quite some time -- since May 2008 -- so it's really worked its way across the globe." In other words, it could ages for the fix to be applied broadly.

Latest critical bug in widely used DNS server underscores its fragility. Source: http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/

<more at http://www.engadget.com/2016/02/22/a-critical-security-flaw-affects-nearly-the-entire-internet/; related links: http://dankaminsky.com/2016/02/20/skeleton/ (A Skeleton Key of Unknown Strength. February 20, 2016) and http://www.engadget.com/2008/08/01/apples-dns-patch-coming-up-short/ (Apple's DNS patch coming up short. August 1, 2008); further: http://arstechnica.com/security/2015/07/major-flaw-could-let-lone-wolf-hacker-bring-down-huge-swath-of-internet/ (Major flaw could let lone-wolf hacker bring down huge swaths of Internet. Latest critical bug in widely used DNS server underscores its fragility. July 30, 2015)>