I put this on my own blog earlier but since I am new to this site and blogging I figured maybe I should at least spread the word a bit more...hope you do not mind.

Has anyone heard of this DNS flaw out there?

(This came from our internal Technical Director recently. It is worth sharing with everyone... "Several months ago, a very serious DNS flaw was discovered. This flaw is present in ALL DNS servers, and could allow the server to be compromised. This is referred to as “DNS poisoning”. Once poisoned, a DNS server may provide incorrect Internet name resolution. The details of this flaw were kept secret until a patch could be developed.

When you visit www.google.com, this friendly name is translated into an IP address by a DNS server. It is the IP address that actually gets you to Google. But a compromised DNS server can be made to return any IP address of the hacker’s choosing – and your browser will happily accept this IP address as valid and deliver you to the associated website.

Two weeks ago, a DNS security patch was released. This patch must be applied to EVERY Internet DNS server everywhere. As of today, about 60% of DNS servers have been patched. You might ask your network admins out there to check out your primary DNS servers and see if they have all been patched. However, I believe all DNS servers may sometimes query other DNS servers for domain information that they do not have. So becareful out there when surfing the net.

Unfortunately, the details of the DNS flaw were inadvertently leaked in a security blog over a week ago. Recently, the first malicious exploit was developed and “released”.
My advice for the next week or so:

1. Keep your Internet browsing to an absolute minimum.
2. Do not any online shopping or financial transactions.
3. No website is safe from this exploit. If you are the least bit suspicious of a website, close your browser immediately.
4. Report anything unusual to IT" )


NOTE:
Additional info:
Source: http://redwoodage.com/content/view/144074/45/

Be careful out there!

Views: 26

Subscribe

All the recruiting news you see here, delivered straight to your inbox.

Just enter your e-mail address below

Webinar

RecruitingBlogs on Twitter

© 2024   All Rights Reserved   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service