Hackers Target Internet Address Bug to Disrupt Sites

software-bug-750x500.jpgThe bug targets systems which convert URLs into IP addresses.


Internet users could be affected by exploits that throw websites offline Hackers are exploiting a serious flaw in the Internet's architecture, according to a security firm.

The bug targets systems, which convert domain names into IP addresses. Exploiting it could threaten the smooth running of Internet services as it allows hackers to launch denial-of-service attacks on websites, potentially forcing them offline.

Regular Internet users are unlikely to be severely affected, however.

Bind is the name of a variety of Domain Name System (DNS) software used on the majority of Internet servers.

The recently identified bug allows attackers to crash the software, therefore taking the DNS service offline and preventing URLs, for example, from working. A patch for the flaw is already available, but many systems are yet to be updated.

The Internet Systems Consortium (ISC), which develops Bind, said in a tweet that the vulnerability was "particularly critical" and "easily exploited".

Daniel Cid, a networking expert at Sucuri has published a blog post on the vulnerability in which he explained that real exploits taking advantage of the flaw have already happened. He told the BBC: "A few of our clients, in different industries, had their DNS servers crashed because of it. Based on our experience, server software, like Bind, Apache, OpenSSL and others, do not get patched as often as they should."

Cybersecurity expert Brian Honan commented that a spike in exploits of the flaw was expected over the next few days. However, he added that websites would often still be accessible via other routes and cached addresses on DNS servers around the world, even when certain key DNS servers have been made to crash.

"It's not a doomsday scenario, it's a question of making sure the DNS structure can continue to work while patches are rolled out," he said. The impact on general Internet users is likely to be minimal, according to Mr Cid. "Average Internet users won't feel much pain, besides a few sites and email servers down," he said.
BBC: http://http://bbc.in/1DpQhd6

 

 

« Predictive Policing Technology Arrests
Switzerland & Austria Investigate Claims of Electronic Spying at Iran Talks »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Secure360

Secure360

Secure360 focuses on the following key areas: governance, risk and compliance, information security, physical security, business continuity management, and professional development.

HyTrust

HyTrust

HyTrust specialises in security, compliance and control software for virtualization and cloud environments.

BlackBerry Security Services

BlackBerry Security Services

Blackberry provides intelligent security software and services to enterprises and governments around the world.

Cymulate

Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time.

Ritz

Ritz

Ritz is the largest holistic pure-play cyber security solutions provider in Myanmar.

XLAB

XLAB

XLAB is an R&D company with a strong research background in the fields of distributed systems, cloud computing, security and dependability of systems.

Cyber Security Education

Cyber Security Education

CybersecurityEducation.org is an online directory of cyber security education and careers.

AFNOR Group

AFNOR Group

AFNOR Group designs and deploys solutions based on voluntary standards around the world and provides services including training, professional and technical information, assessment and certification.

TM One

TM One

TM One is the enterprise and public sector business solutions arm of Telekom Malaysia Berhad (TM) Group.

CYRISMA

CYRISMA

CYRISMA is a revolutionary cybersecurity platform that helps organizations manage risk without the usual headaches associated with enterprise cybersecurity tools.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Cryptr

Cryptr

Cryptr provides plug and play authentication to manage all your authentication strategies in one place with just a few lines of code.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Waterleaf International

Waterleaf International

Waterleaf provide advanced network and cybersecurity solutions - informed by data sciences. Transforming Connectivity, Security and Information for Municipalities, Government & Enterprise.