(TheForceField.Net) July 23, 2008 – A security company accidentally posted details of the DNS bug on their web blog Monday morning.
The bug was discovered by Dan Kaminsky of IOActive, Inc. and announced to the public earlier this month after a patch was created with the rare co-operation of major software vendors. Kaminsky planned to publicly release details of the DNS bug at the Black Hat conference next month and requested those who were already in the know to keep it under wraps until then.
However, a representative at Matasano, a security research and development company, accidentally confirmed details of the DNS flaw in a blog post July 21. The post has since been removed but not before it could be read by many and cached in Google.
Now security experts predict the first attack based on the flaw is only days away and are warning the public to patch immediately and brace for the worst.
In an apology posted on the Matasano blog Monday, Thomas Ptacek, Principal, Matasano Research, explained the snafu. "Earlier today, a security researcher posted their hypothesis regarding Dan Kaminsky’s DNS finding", Ptacek stated. "Shortly afterwards, when the story began getting traction, a post appeared on our blog about that hypothesis. It was posted in error. We regret that it ran. We removed it from the blog as soon as we saw it. Unfortunately, it takes only seconds for Internet publications to spread", he added.
"We dropped the ball here", Ptacek admitted.