Attack code imminent for DNS flaw

July 23, 2008 – 12:14 PM

One day after a security company accidentally posted details of a serious flaw in the Internet’s Domain Name System (DNS), hackers are saying that software that exploits this flaw is sure to pop up soon.

Several hackers are almost certainly already developing attack code for the bug, and it will most likely crop up within the next few days, said Dave Aitel, chief technology officer at security vendor Immunity. His company will eventually develop sample code for its Canvas security testing software too, a task he expects to take about a day, given the simplicity of the attack. “It’s not that hard,” he said. “You’re not looking at a DNA-cracking effort.”

The author of one widely used hacking tool said he expected to have an exploit by the end of the day Tuesday. In a telephone interview, HD Moore, author of the Metasploit penetration testing software, agreed with Aitel that the attack code was not going to be difficult to write.

The flaw, a variation on what’s known as a cache poisoning attack, was announced on July 8 by IOActive researcher Dan Kaminsky, who planned to disclose full details of the bug during an Aug. 6 presentation at the Black Hat conference.

That plan was thwarted Monday, when someone at Matasano accidentally posted details of the flaw ahead of schedule. Matasano quickly removed the post and apologized for its mistake, but it was too late. Details of the flaw soon spread around the Internet.


You must be logged in to post a comment.