Bringing down the Internet seemed like a task that hackers can only dream about. However, nowadays it seems like hackers are getting closer to dangerous attacks like one “lone-wolf hacker” who could exploit a security flaw with a critical bug and bring down parts of the Internet.
“A recently disclosed vulnerability in Bind, the most widely used software for translating human-friendly domain names into IP addresses used by servers, makes it possible for lone-wolf attackers to bring down huge swaths of the Internet, a security researcher has warned,” according to Arstechnica.
There haven’t been reports of hackers trying to exploit the security flaw in Bind but it does pose a pretty drastic threat. There is a fix in place but there is no telling whether or not it will actively prevent hackers from exploiting the holes in Bind.
“The flaw, which involves the way that Bind handles some queries related to transaction key records, resides in all major versions of the software from 9.1.0 to 9.8.x, 9.9.0 to 9.9.7-P1, and 9.10.0 to 9.10.2-P2,” according to the report.
“Attackers can exploit it by sending vulnerable servers a malformed packet that’s trivial to create. Vulnerable servers, in turn, will promptly crash.”
Meanwhile, Rob Graham, CEO of penetration testing firm Errata Security points the finger towards Bind and the fact that it’s an out of date and also said that as a piece of critical infrastructure software it should not have these types of security holes. Now the question is should Bind be done away with or can it be strengthened to the point where these attacks would be null?
Read the full story.