Server Hijack Problem Prompts Unified Industry Response

The show of patch-unity displayed by many of the industry's major players in addressing a domain name sever flaw is gratifying -- and annoying too. Nice to see them working together. Nicer if we knew more about the problem they're working to fix.

Keith Ferrell, Contributor

July 9, 2008

2 Min Read
Dark Reading logo in a gray background | Dark Reading

The show of patch-unity displayed by many of the industry's major players in addressing a domain name sever flaw is gratifying -- and annoying too. Nice to see them working together. Nicer if we knew more about the problem they're working to fix.The coming together of Cisco, Microsoft and more than a dozen others to coordinate and deploy a unified front of DNS server fixes was in response to a server vulnerability described in this brief from CERT (Computer Emergency Readiness Team).

The vulnerability can be exploited by cache poisoning which, in very basic terms, lets the exploiter redirect traffic from legit Web sites to their illegit ones.

(There's a good technical explanation here, from Informationweek's Mike Fratto.) The size of the problem -- and the implications of that size -- are made clear both in the essentially unprecedented unity of industry response, but also in the caution (or caginess) of public statements about the vulnerability itself.

That reticence (to be kind) will be debated, discussed and blogged for awhile -- how much right do those who use the Internet have when it comes to understanding just how deeply flawed the Net's underlying organizational structure may be?

Add your two cents' worth to that debate here, there or anywhere -- the important thing right now is to get a handle on your own business's relationship to the (DNS) domain name server problem and its fixes.

If your business is running DNS servers then you and your technical team should already be on top of the situation: check with your server manufacturer for a patch and put it to work.

If, like many small and midsize businesses, you're not running your own servers, make a quick inquiry to your service provider to make sure that they have patched theirs.

As I blogged yesterday, the more you know about how your service -- and server! -- providers work and the care they take in their work, the better protected your business will be.

The bMighty Server How-To Center is here.

Read more about:

2008

About the Author

Keith Ferrell

Keith Ferrell

Contributor

See more from Keith Ferrell
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events