Time Warner, others slow to patch DNS bug

(TheForceField.Net ) July 28, 2008 — Weeks after the DNS bug was announced publicly and a patch was officially made available, many ISPs have yet to patch their servers. Among those deemed by the industry as slow to respond include AT&T, Earthlink and Time Warner.

The flaw, discovered by security researcher Dan Kaminsky, is considered a serious and dangerous one. It was given immediate attention and a patch was quickly developed and released by a rare consortium of software companies. Shortly afterward the first code that exploits the bug was released and is now in the hands of hackers. Yet, for all the concern and risk involved in leaving their servers vulnerable to attack , many ISPs are taking their time to employ the fix. Why?

According to Earthlink, they are working to complete the patch for their server farms now.  Jesus Lopez, Senior Manager of Core Services Engineering told the Force Field that they already patched the first of two server farms and are in the process of patching the second. "We are on schedule to complete our patching by 7/31", Lopez said.

Officials at Time Warner could not be reached for comment.

The DNS flaw allows hackers to launch undetectable attacks on users of ISPs that have not patched their servers. The code can also be used to redirect Internet users to phony software update servers to download and install malware.

Security experts are warning everyone to patch immediately. To check the vulnerability of your ISP or DNS server go to Dan Kaminsky's blog at http://www.doxpara.com . If your ISP has not patched or is vulnerable you can use OpenDNS .

 

 

System Management News

 

Leave a Comment