Four flaws threaten 80% of the world's Web sites

Up to 80% of the world's Web sites rely on domain name server software that is vulnerable to Microsoft-style denial of service...

Up to 80% of the world's Web sites rely on domain name server software that is vulnerable to Microsoft-style denial of service attacks.

Matthew Burgess

A security centre at Carnegie Mellon University in the US has identified four flaws in the Berkeley Internet Name Domain server software, which translates text-based domain names into the numeric IP addresses used by computers to identify Web sites.

Hackers could make use of these flaws to control traffic to and from Web sites including file downloads and email.

JJ Gray, a security architect at digital security consultancy @stake said that if BIND software were compromised, intruders could cause a lot more problems than denying access to a site.

"It would be possible to redirect people to other sites without their knowledge. If someone were to replicate the site of a financial institution, the customers they diverted to this replica would be unwittingly giving away all their personal information" said Gray.

The Internet Software Consortium two weeks ago released patches that upgrade BIND to version 9, which is not open to such attacks. These can be found atwww.isc.org/products/BIND/bind-security.html

Read more on Web software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close