The much-debated DNS flaw that had IT giants working overtime to create a patch has been accidentally revealed online, creating a problem for those whose servers have yet to apply the patch.
Security researcher Dan Kaminsky had made it clear that he would disclose the details of his discovery of the famous DNS flaw at the Black Hat security convention in August 2008.
However, the details were leaked yesterday by a researcher at Matasano Security as he presented a hypothesis about the DNS finding.
Although the blog post was later removed, it was online long enough for the information to leak out, and mirrors of the post are now available online.
As a result, the nature of the DNS flaw is in the public domain, and all those who haven’t yet applied the patch to their systems are at risk from DNS poisoning.
Any attack code for the bug would try to cause DNS poisoning and guide users to a different website from the one they were visiting, making it easy for the hacker to obtain sensitive information from them.
ISPs that still haven’t applied the patch are at high risk, as hackers can take on large corporations using the flaw; companies that use DNS proxy software, though, are safe from the flaw.
The attacks are expected to start in a week’s time; by then, most ISPs are expected to have applied the patch.