ICT Security-Sécurité PC et Internet
ICT Security + Privacy + Piracy + Data Protection - Censorship - Free courses and information on "PC and Internet Security" for non-commercial use... (FR, EN+DE)...
Curated by Gust MEES
Scooped by Gust MEES

Attackers are downing DNS servers by exploiting BIND bug

As predicted, the critical and easily exploitable flaw that affects all versions of BIND, the most widely used DNS software on the Internet, has started being exploited by attackers.

The CVE-2015-5477 flaw allows them to mount Denial of Service attacks against websites and other services.

"DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable," Sucuri Security CTO Daniel Cid explained and advised administrators to patch their DNS servers.


Learn more:


http://www.scoop.it/t/securite-pc-et-internet/?tag=BIND



A critical flaw in the BIND DNS server could disrupt the Internet - Le Monde Informatique

A critical vulnerability affecting all versions of the BIND 9 DNS server could disrupt the web. The ISC, which has released a fix, is urging affected organizations to apply the security patch as soon as possible to prevent attackers from exploiting the flaw through DDoS attacks.


Pierre-André Fontaine's curator insight, August 2, 2015 8:42 AM

A critical vulnerability affecting all versions of the BIND 9 DNS server could disrupt the web. The ISC, which has released a fix, is urging affected organizations to apply the security patch as soon as possible to prevent attackers from exploiting the flaw through DDoS attacks.



Critical Flaw Threatens Millions of BIND Servers | threatpost


There is a critical vulnerability in several current versions of the BIND nameserver software that could allow an attacker to knock vulnerable DNS servers offline or compromise other applications running on those machines. The bug is present in several versions of the ubiquitous BIND software and the maintainers of the application have released a patch for it ===> that they recommend users install as soon as possible. <===

===> The vulnerability is in BIND 9.7, 9.8, and 9.9 for Unix systems, but Windows versions are not affected. <===

The problem lies in the way that the software handles certain regular expressions, and an attacker who exploits the vulnerability could not only cause a denial-of-service condition on the server but also could potentially compromise other software on the machine.

 

Gust MEES's insight:

 


 

Check also:

 

http://www.scoop.it/t/securite-pc-et-internet?tag=Linux-Vulnerabilities

 


A huge DNS exploit could take down chunks of the internet


Last week the Internet Systems Consortium released a patch for a serious vulnerability in BIND, one of the most popular Domain Name Servers that’s bundled with Linux. The incident number CVE-2015-5477 details an exploit that allows a remote, unauthenticated attacker to crash DNS servers using BIND by sending a specially crafted command. There’s no specific way to protect against the attack, other than installing the patch immediately.


The attack is reportedly so trivial that a single hacker could take down large chunks of the internet in a single move. All they would need to do is simultaneously crash enough DNS servers to cause a noticeable outage and serious implications for the internet.


DNS servers BIND, PowerDNS and Unbound at risk of infinite loop | CyberSecurity

A vulnerability in the three DNS servers can be exploited to cripple the software. To do so, however, an attacker must manipulate the zones or introduce a malicious DNS resolver.