An eight-year-old bug in the Internet's Domain Name Service (DNS) could be used to widely spread malware, according to security research Dan Kaminsky. He says a flaw found in the Gnu C standard library, aka "glibc," can trick browsers into looking up shady domain names. Servers could then reply with overly-long DNS names, causing a buffer overflow in the victim's software. That would in turn let hackers execute code remotely and possibly take over a machine. While the hole has already been patched, Kaminksy said "the buggy code has been around for quite some time -- since May 2008 -- so it's really worked its way across the globe." In other words, it could take ages for the fix to be applied broadly.More here --> www.engadget.com/
No comments:
Post a Comment