Warning

 

Close

Confirm Action

Are you sure you wish to do this?

Confirm Cancel
Member Login

Site Notices
Posted: 2/24/2016 1:26:34 PM EST
[Last Edit: 2/24/2016 1:26:50 PM EST by False_Prophet]
http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687

Google engineers and Red Hat researchers both independently discovered the DNS bug within the Gnu C standard library (glibc) called CVE-2015-7547, and then worked together to create a patch. The security vulnerability works by tricking browsers into looking up suspicious domains, which causes servers to reply with DNS names that are far too long, thus causing a buffer overflow in the victim's software.

The buffer overflow would then make it possible for an attacker to remotely execute code and take over the computer, and they could perform this exact same attack on machines all over the world, as the code containing the flaw has been in use since May 2008 and affected all versions of glibc since version 2.9.

Flaw can affect almost all parts of internet infrastructure

To understand how damaging this flaw could be, security researcher Dan Kaminsky explains on his blog that it is far worse than the Heartbleed OpenSSL bug or Shellshock Linux Bash and Mac OS X bug, which infected things connected to a network, rather than everything that makes up the internet, such as network tools and even software.
View Quote
Link Posted: 2/24/2016 1:28:17 PM EST
Ohhh boy.
Link Posted: 2/24/2016 1:28:54 PM EST
SKYNET
Link Posted: 2/24/2016 1:30:18 PM EST
Worse than Y2K.

Posted Via AR15.Com Mobile
Link Posted: 2/24/2016 1:30:55 PM EST
Wasn't this a week or two ago or am I thinking of a different bug?
Link Posted: 2/24/2016 1:33:39 PM EST
"If only it was written in Javascript..."
Link Posted: 2/24/2016 1:36:27 PM EST
THE ENTIRE INTERNETS!!!!!!!OH NOES!!!!!!!!!!!!!!!!
Link Posted: 2/24/2016 1:36:40 PM EST
Link Posted: 2/24/2016 1:39:03 PM EST
Meh, nothing that bad. Easily patched, only affects linux machines.

Ironic windows machine aren't affected
Link Posted: 2/24/2016 1:41:19 PM EST
Originally Posted By False_Prophet:
http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687

Google engineers and Red Hat researchers both independently discovered the DNS bug within the Gnu C standard library (glibc) called CVE-2015-7547, and then worked together to create a patch. The security vulnerability works by tricking browsers into looking up suspicious domains, which causes servers to reply with DNS names that are far too long, thus causing a buffer overflow in the victim's software.

The buffer overflow would then make it possible for an attacker to remotely execute code and take over the computer, and they could perform this exact same attack on machines all over the world, as the code containing the flaw has been in use since May 2008 and affected all versions of glibc since version 2.9.

Flaw can affect almost all parts of internet infrastructure

To understand how damaging this flaw could be, security researcher Dan Kaminsky explains on his blog that it is far worse than the Heartbleed OpenSSL bug or Shellshock Linux Bash and Mac OS X bug, which infected things connected to a network, rather than everything that makes up the internet, such as network tools and even software.
View Quote
View Quote


Interesting first post...
Link Posted: 2/24/2016 1:47:31 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By fettesbrotde:
Meh, nothing that bad. Easily patched, only affects linux machines.

Ironic windows machine aren't affected
View Quote

LAMP runs the internet.
Link Posted: 2/24/2016 1:49:21 PM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By HKUSP45C:

LAMP runs the internet.
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By HKUSP45C:
Originally Posted By fettesbrotde:
Meh, nothing that bad. Easily patched, only affects linux machines.

Ironic windows machine aren't affected

LAMP runs the internet.


Link Posted: 2/25/2016 6:55:42 AM EST
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By TXN_Infidel:


Interesting first post...
View Quote View All Quotes
View All Quotes
Discussion ForumsJump to Quoted PostQuote History
Originally Posted By TXN_Infidel:
Originally Posted By False_Prophet:
http://www.ibtimes.co.uk/google-red-hat-discover-critical-dns-security-flaw-that-enables-malware-infect-entire-internet-1545687

Google engineers and Red Hat researchers both independently discovered the DNS bug within the Gnu C standard library (glibc) called CVE-2015-7547, and then worked together to create a patch. The security vulnerability works by tricking browsers into looking up suspicious domains, which causes servers to reply with DNS names that are far too long, thus causing a buffer overflow in the victim's software.

The buffer overflow would then make it possible for an attacker to remotely execute code and take over the computer, and they could perform this exact same attack on machines all over the world, as the code containing the flaw has been in use since May 2008 and affected all versions of glibc since version 2.9.

Flaw can affect almost all parts of internet infrastructure

To understand how damaging this flaw could be, security researcher Dan Kaminsky explains on his blog that it is far worse than the Heartbleed OpenSSL bug or Shellshock Linux Bash and Mac OS X bug, which infected things connected to a network, rather than everything that makes up the internet, such as network tools and even software.


Interesting first post...

and user name. page?
Link Posted: 2/25/2016 6:59:25 AM EST
Norcal to aisle 5 for cleanup!
Top Top