DNS Cache Poisoning Issue Update
Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was that the AT&T DNS server was compromised and was providing erroneous IP addresses to incoming queries. This updated PCWorld article clarifies the first one.
Additional details can be found in this Metasploit blog post.
So we've moved from "the bad guys are out there" past "the invaders are at the gate" and on to "the bad guys are slipping inside". If your organization has not yet patched your DNS servers (see here) , please do so now.
We may be raising our InfoSec status to yellow soon to help raise attention to the serious nature of this issue.
David Goldsmith
 
              
Comments
JSK
Jul 31st 2008
1 decade ago
JSK
Jul 31st 2008
1 decade ago
JSK
Jul 31st 2008
1 decade ago
(Both the app's update URL and their own download.lavasoft.com/public site.)
Tinqer
Aug 2nd 2008
1 decade ago