They detected an important vulnerability in DNS protocol

20th July 2008

Safety researchers have found in Domain Name System protocol a vulnerability that allows attackers when its massive use to disrupt the normal work of the Internet. Because of the importance of the error IOactive company, which detected it, informed leading suppliers of DNS-programs with the appeal to release patches as soon as possible. IOactive undertaked the task of coordinating the development of patches; Microsoft, Sun, ISC DNS Bind and Cisco are engaged with the development of them. The operation of the vulnerability leads to diversion to any chosen be the atacker address, it can be used both on old and new versions of DNS. , Dan Kaminsky, who disclosed the vulnerability, hasn`t revealed technical details he will talk about it in a month when the basic mass of patches will be released and the threat will be reduced to minimum. For the first time Kaminsky discovered the problem even six months ago, but didn`t inform the public about it. He engaged other specialists, and as a result Kaminski and 16 other researchers gathered under the roof of Microsoft to investigate the problem together.