A new flaw to the internet’s architecture has been discovered, that allows hackers to make DNS attacks. As the specialists in matters of internet security revealed, the bug that was recently found, targets systems that turn the URLs to IP addresses. Thus, the hackers who find that, can take advantage of the address and make a denial of service attack to websites with the potential to put them out of order.
The British network BBC on one of its news articles reports that the normal internet users are not threatened by those kind of attacks.
Also Bind, the most commonly used DNS (Domain Name System) software, is used by the majority of service providers on the internet. The bug that has been discovered, allows to the attackers intervene in the software, thus making the DNS service go off.
There has already been a fix for this certain bug, however most of the systems do not seem to have installed that update, which leaves vulnerable and open to attacks.
Internet Systems Consortium (ISC), a company that takes credits for the development of Bind, mentioned through a twit on Twitter that the vulnerability was “particularly critical” and “easily exploited”.
Daniel Cid, a networking expert at Sucuri has published a blog post on the vulnerability in which he explained that real exploits taking advantage of the flaw have already happened.
He told the BBC: “A few of our clients, in different industries, had their DNS servers crashed because of it. Based on our experience, server software, like Bind, Apache, OpenSSL and others, do not get patched as often as they should. It’s not a doomsday scenario, it’s a question of making sure the DNS structure can continue to work while patches are rolled out. Average internet users won’t feel much pain, besides a few sites and email servers down.”
So that leaves either big companies with official sites or e-shops exposed to attacks, at least until they all install the update to fix that bug.
The story of how it was found remains unknown unfortunately, since it seems pretty interesting. Of course this is not the first bug on the internet that has been discovered. It is though the latest one. Stay tuned to find out whether hackers will figure out a way to bypass the update and answer with a more sophisticated attack.