Hackers Target Internet Address Bug to Disrupt Sites

Uploaded on 2015-08-14 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

software-bug-750x500.jpgThe bug targets systems which convert URLs into IP addresses.


Internet users could be affected by exploits that throw websites offline Hackers are exploiting a serious flaw in the Internet's architecture, according to a security firm.

The bug targets systems, which convert domain names into IP addresses. Exploiting it could threaten the smooth running of Internet services as it allows hackers to launch denial-of-service attacks on websites, potentially forcing them offline.

Regular Internet users are unlikely to be severely affected, however.

Bind is the name of a variety of Domain Name System (DNS) software used on the majority of Internet servers.

The recently identified bug allows attackers to crash the software, therefore taking the DNS service offline and preventing URLs, for example, from working. A patch for the flaw is already available, but many systems are yet to be updated.

The Internet Systems Consortium (ISC), which develops Bind, said in a tweet that the vulnerability was "particularly critical" and "easily exploited".

Daniel Cid, a networking expert at Sucuri has published a blog post on the vulnerability in which he explained that real exploits taking advantage of the flaw have already happened. He told the BBC: "A few of our clients, in different industries, had their DNS servers crashed because of it. Based on our experience, server software, like Bind, Apache, OpenSSL and others, do not get patched as often as they should."

Cybersecurity expert Brian Honan commented that a spike in exploits of the flaw was expected over the next few days. However, he added that websites would often still be accessible via other routes and cached addresses on DNS servers around the world, even when certain key DNS servers have been made to crash.

"It's not a doomsday scenario, it's a question of making sure the DNS structure can continue to work while patches are rolled out," he said. The impact on general Internet users is likely to be minimal, according to Mr Cid. "Average Internet users won't feel much pain, besides a few sites and email servers down," he said.
BBC: http://http://bbc.in/1DpQhd6

 

 

« Predictive Policing Technology Arrests
Switzerland & Austria Investigate Claims of Electronic Spying at Iran Talks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

CyberDegrees.org

CyberDegrees.org

CyberDegrees.org aims to provide top-notch information for students seeking Cyber Security education and career guidance.

astarios

astarios

astarios provide near-shore software development services including secure software development (DevSecOps), quality assurance and testing.

Forum Systems

Forum Systems

Forum Systems is a global leader in API Security Management with industry-certified, patented, and proven products deployed in the most rigorous and demanding customer environments.

CybrHawk

CybrHawk

CybrHawk is a leading provider of information security-driven risk intelligence solutions focused solely on protecting clients from cyber-attacks.

Veridium

Veridium

Veridium is a leader in single step - multi factor biometric authentication, designed to safeguard enterprises’ most critical assets.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

FPG Technologies & Solutions

FPG Technologies & Solutions

FPG Technology is a technology solutions provider and systems integrator, specializing in delivering IT Consulting, IT Security, Cloud, Mobility, Infrastructure solutions and services.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

ASMGi

ASMGi

ASMGi is a managed services, security and GRC solutions, and software development provider.

HIFENCE

HIFENCE

HIFENCE delivers cybersecurity and networking services that make your company safer and more secure. That’s all we do, so you can concentrate on all the things that you do best.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.

Sinergi Digital

Sinergi Digital

Sinergi Digital is a business unit of the Metrodata Group with a focus on providing ICT solution to help accelerating digital transformation.

Clutch Security

Clutch Security

Clutch Security are on a mission to secure all Non-Human Identities. Everywhere.