News

BIND Flaw Could Lead to DNS Problems

By Aaron Dobbins | Published January 29, 2001, 1:33 PM

The Computer Emergency Response Team, otherwise known as CERT, is telling Web administrators and others in key positions that an upgrade to the BIND DNS server software is immediately necessary to prevent attacks and Web outages. According to the CERT report, both versions 4 and 8 of the popular software have been found to be vulnerable to attacks which could allow a potential hacker to reroute Web visitors to different IP addresses.

Reuters reports that as much as 80 percent of all sites on the net could be open to such attacks.

The potential risk was originally discovered by PGP Security, a division of Network Associates. Security experts at the firm also told Reuters that no known uses of the exploit to gain control and reroute traffic have been reported.

More information on the risk can be found at CERT and a new version of the BIND software can be found at the Internet Software Consortium Web site, who makes the BIND software.

Comments

View comments by with a score of at least

jose3030
Jan 31, 2001 - 6:12 AM

this is what brought down..

http://www.okayplayer.com ? ?

Score: 0

|
Post Reply
MeToYou
Jan 30, 2001 - 6:25 PM

Maybe the whole net will be brought down someday... Then the stupid attacker hackers will have nothing else to do! hahaha

Score: 0

|
Post Reply
stubear
Jan 30, 2001 - 1:17 PM

...did someone check to make sure the pillar that is holding up the sky is still in tact?

Score: 0

|
Post Reply
CPUGuy
Jan 29, 2001 - 7:54 PM

and of course, no flames because it's not MS's DNS server, it's Unix's BIND.

Score: 0

|
Post Reply
Jay_
Jan 30, 2001 - 6:57 AM

That was a stupid comment to make. It might have made a lot more sense to post that to slashdot instead of here.

But I read only Slashdot that OpenBSD wasn't vulnerable to the attack, which I found interesting.

Score: 0

|
Post Reply
Jay_
Jan 30, 2001 - 6:59 AM

Oh, and just to make you happy...

uN1x s4XoRs

Score: 0

|
Post Reply
CPUGuy
Jan 30, 2001 - 3:37 PM

Nah, Unix is good at what it does, it's just stupid how people bash MS for having a minor problem, and then another company that makes the same exact type of product has a problem, and somehow it's no big deal, because it's not made by MS.

Score: 0

|
Post Reply
Jay_
Jan 30, 2001 - 6:33 PM

Well, Microsoft products do cost a pretty penny. BIND is free. Not that it makes it right for people to be hypocritical, but something you pay for should be better than a free product, although this is not always the case.

Score: 0

|
Post Reply
CPUGuy
Jan 30, 2001 - 9:12 PM

Well... comparitively speaking, Win2k is MUCH MUCH MUCH cheaper than getting something like Solaris, and really, the only reason people buy Sun is because of brand loyalty, you wouldn't believe how many times I've been told that Sun products are piles of crap (by programmers, mainly).

Score: 0

|
Post Reply
Jay_
Jan 31, 2001 - 6:49 AM

Point taken, but I was mainly referring to the free *nix's (FreeBSD, NetBSD, blahblah BSD, and of course, Linux.)

Score: 0

|
Post Reply

After telling US to mind its own business, Kroes slaps caps on Rambus royalties

The holder of many patents worldwide pertaining to DDR memory offered to reduce its royalty stake in that technology, and today the EU said yes.

Why Apple succeeds, and always will

The company consistently plays by different rules, literally like David did in his battle against Goliath.

EC's Kroes to US senators: Mind your own business on Oracle + Sun

UPDATED The EU's antitrust chief told the United States Senate Tuesday that any merger that takes place in the world is more her affair than theirs.

Betanews Podcast: Rupert Murdoch and the buying stuff online problem

We'll have a more difficult time paying for online news if the underlying protocol for online payment has a big gaping hole in it.

In a peace offering to newspapers, Google offers a new news format

It's probably not a solution to the woes of major news publishers, but Living Stories may gather a few of those publishers together in search of one.

Google Maps doesn't prevent car accidents, only search accidents

This week, Google updated Maps for Android 3.3.1, adding topography, nearby points of interest, and error reporting.

DOJ: Microsoft interop docs are now 'substantially complete'

A major milestone in the US Government's oversight of Microsoft is passed, as the Justice Dept. is now saying the company's protocol documents make sense.

The $1 DVD rental debate: LA group says Redbox will lose movie makers $1B

A report from the Los Angeles Economic Development Corporation says cheap Redbox DVD rentals could seriously damage the movie business.

First impressions of Droid: Easy, breezy, friendly, if a little fat

Though it's not quite as well-polished as Apple's iPhone OS, the version of Android that Motorola's Droid phone sports is still a breeze to use.

Windows fix for TLS security bug still forthcoming, won't be Tuesday

Anyone looking for a fix for last month's discovery of a potentially serious security hole in TLS and SSL may have to wait until everyone is ready to act together.

Not the first, not the last, technology predictions for 2010

Carmi Levy | Wide Angle Zoom: The real truth is probably that what went around in 2009, will come around to haunt us next year.