DNS Exploit Flaw Arrives
By Christopher Nickson
July 25, 2008
It was bound to happen — after a DNS flaw was revealed, it was only a matter of time before someone discovered an exploit flaw for it.
Not long ago security research Dan Kaminsky revealed a flaw in the Domain Name System (DNS), although he refused to give details. Those came, somewhat inadvertently, thanks to another researcher, Halvar Flake.
Now, inevitably, the first exploit code for that flaw has arrived.
Luckily, it’s been created by two other researchers, HD Moore and Druid, who’ve developed an exploit module that runs that Moore’s vulnerability-testing framework, Metasploit, according to Vnunet.
Kaminsky had refused to give details of the flaw until a solution had been developed, and that was followed by a massive patch rollout, so many servers are already patched against any potential attack.