Critical BIND bug could crash large portions of the internet2015-08-04 09:38 by Daniela
Tags: BIND, hackers, Internet, DNS
Hackers have started exploiting an extremely severe vulnerability in the widely used software utility BIND. It is one of the most popular DNS servers in the world and is used by most DNS providers.
The vulnerability number CVE-2015-5477 details an exploit that allows a remote, unauthenticated attacker to crash DNS servers using BIND by sending a specially crafted command.
The attack is reportedly so easy that a hacker could take down large chunks of the internet in a single move. And when many hackers do the same thing simultaneously, it would cause a noticeable outage and serious implications for the internet.
"Because of its severity we've been actively monitoring to see when the exploit would be live," Daniel Cid, founder and CTO of security firm Sucuri, wrote in a blog post published Sunday. "We can confirm that the attacks have begun. DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down, it also means your e-mail, HTTP, and all other services will be unavailable."
A patch for the flaw is already available, but many systems are yet to be updated. It's the only way to protect a system against the attack.
Read more -here-