Google, Red Hat discover critical DNS security flaw that enables malware to infect the entire Internet
February 24, 2016 11:58 GMT
Google and Red Hat engineers have discovered a crucial security flaw in the internet's infrastructure that would enable attackers to cripple the entire internetiStock
Google and security firm Red Hat have discovered a critical security flaw in the Internet's Domain Name System (DNS) that affects a library in a universally used protocol. This means an attacker could use it to infect almost everything on the entire internet. With the flawed code spread far and wide, it will likely take years of effort to patch the bug.
Google engineers and Red Hat researchers both independently discovered the DNS bug within the GNU C standard library (glibc) called CVE-2015-7547, and then worked together to create a patch. The security vulnerability works by tricking browsers into looking up suspicious domains, which causes servers to reply with DNS names that are far too long, thus causing a buffer overflow in the victim's software.
The buffer overflow would then make it possible for an attacker to remotely execute code and take over the computer, and they could perform this exact same attack on machines all over the world, as the code containing the flaw has been in use since May 2008 and affected all versions of glibc since version 2.9.
Flaw can affect almost all parts of internet infrastructure
To understand how damaging this flaw could be, security researcher Dan Kaminsky explains on his blog that it is far worse than the Heartbleed OpenSSL bug or Shellshock Linux Bash and Mac OS X bug, which infected things connected to a network, rather than everything that makes up the internet, such as network tools and even software.
The reason it is such a big problem is that most Internet software is built on Linux, and it is already known that if an attacker were to infiltrate an enterprise's network, for example, the attacker would then be able to easily take over all the systems running Linux.
In the same fashion, in order to connect to the internet, Linux uses the Gnc C standard library to connect to DNS to resolve domain names to IP addresses, and therefore the attacker would be able to capitalise on this.
The last DNS flaw took 10 years to fix
"It's problematic that, a decade after the last DNS flaw that took a decade to fix, we have another one. It's time we discover and deploy architectural mitigations for these sorts of flaws with more assurance than technologies like ASLR can provide," Kaminsky writes.
On the plus side, although there are millions of DNS caches across the internet, no researchers have yet to be able to get the glibc DNS bug to work through caches, and therefore, Kaminsky says that only "some networks are going to be vulnerable to some cache traversal attacks sometimes".
However, he says that while this might not be an immediate problem, if this flaw is not patched soon, it could become a much bigger problem a year or two down the line.
For a great satire on email, please see the following:
Good Netiquette And A Green Internet To All!
Special Bulletin - My just released book,
is now on sales at Amazon.comGreat Reasons for Purchasing Netiquette IQ
· Get more email opens. Improve 100% or more.
· Receive more responses, interviews, appointments, prospects and sales.
· Be better understood.
· Eliminate indecision.
· Avoid being spammed 100% or more.
· Have recipient finish reading your email content.
· Save time by reducing questions.
· Increase your level of clarity.
· Improve you time management with your email.
· Have quick access to a wealth of relevant email information.
Enjoy most of what you need for email in a single book.
=================================**Important note** - contact our company for very powerful solutions for IP
management (IPv4 and IPv6, security, firewall and APT solutions:
Another Special Announcement - Tune in to my radio interview, on Rider University's station, www.1077thebronc.com I discuss my recent book, above on "Your Career Is Calling", hosted by Wanda Ellett.In addition to this blog, Netiquette IQ has a website with great assets which are being added to on a regular basis. I have authored the premiere book on Netiquette, “Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". My new book, “You’re Hired! Super Charge Your Email Skills in 60 Minutes. . . And Get That Job!” has just been published and will be followed by a trilogy of books on Netiquette for young people. You can view my profile, reviews of the book and content excerpts at:
In addition to this blog, I maintain a radio show on BlogtalkRadio online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahooa member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ and PSG of Mercer County, NJ.
I am the president of Tabula Rosa Systems, a “best of breed” reseller of products for communications, email, network management software, security products and professional services. Also, I am the president of Netiquette IQ. We are currently developing an email IQ rating system, Netiquette IQ, which promotes the fundamentals outlined in my book.
Over the past twenty-five years, I have enjoyed a dynamic and successful career and have attained an extensive background in IT and electronic communications by selling and marketing within the information technology marketplace.Anyone who would like to review the book and have it posted on my blog or website, please contact me firstname.lastname@example.org.