Is Your DNS Patched?是您的DNS补丁?
In case you have been living under a rock for the past month you have most likely heard about the DNS cache exploit recently discovered by如果你已经生活在一块石头在过去的一个月你最有可能听到DNS缓存利用最近发现的 Dan Kaminsky . This might be one of the most severe flaws discovered as it was cross platform affecting everything from Windows to Linux, UNIX, Cisco IOS etc.... It was so big in fact that all the丹卡明斯基。这可能是一个最严重的安全漏洞发现,因为它是跨平台的影响一切从Windows到Linux , UNIX的,思科公司的IOS等...这是这么大的事实,即所有的 major vendors worked together to get the patch issued on the same day. The flaw would allow an attacker to insert a malicious DNS record into the cache. As an end user you type in主要供应商共同努力,下载补丁程序发出的同一天。这个漏洞将允许攻击者插入一个恶意DNS记录到缓存。作为一个最终用户的您键入 www.technet.com and rather than get the proper IP address the cache delivers the malicious IP address sending you to ???? You can www.technet.com和,而不是得到适当的IP地址的缓存提供了恶意IP地址寄给您呢? ? ? ?您可以 find out more on the details of the flaw at Dan's blog.找到更多的细节,这个安全漏洞在丹的博客。
You should also make sure that you are patched. Make sure that your upstream ISP DNS servers are patched by calling them or using Dan's DNS Checker at the top of his website.您也应该确认您是补丁。请确保您上游的ISP DNS服务器补丁,呼吁他们或利用丹的DNS检查顶部的个人网站。
So why all of a sudden a rush to ensure you are patched? Well the那么,为什么突然赶,以确保您的补丁?好 patches issued by the vendors have been reverse engineered and补丁发布的厂商一直在逆向工程和 exploit code has been published ! Dan has said many times that this is an extremely easy to launch exploit that could be implemented in seconds.利用代码已经发布!丹已经说过很多次,这是一个非常容易利用发射,可在几秒钟内实施。
KB953230 - Vulnerabilities in DNS could allow spoofing KB953230 -在D NS中的漏洞可能允许欺骗
Go. 离去。 Read. 阅读。 Patch. 修补程序。 Now. 现在。
And when you are done, copy and paste this blog post to your blog, email it to your IT Pro buddies, get the word out!当你的工作要做,复制并粘贴此博客张贴到您的博客,通过电子邮件发送给您IT Pro的朋友,让这个词了!
If you have links to the patches from other vendors, please leave a comment with the URL!如果你有联系的补丁从其他供应商,请发表评论的网址!
Written by rodney.buike. 撰稿rodney.buike 。 Read more great feeds at is source 阅读更多的是供稿源 WEBSITE 网站
no comments 没有评论 . 。
Read more articles on 阅读更多文章 rodney.buike rodney.buike and 和 otherSoftware otherSoftware and 和 DNS 的DNS and 和 Security 安全 . 。
- [+] Digg [ + ] Digg的 : Feature this article :特征本文
- [+] Del.icio.us [ + ] Del.icio.us : Bookmark this article : 06条
- [+] Furl [ + ]卷 : Bookmark this article : 06条
