Firewall Vendors Scramble to Fix DNS Problem
Robert McMillan writes on PC World:
Nearly a month after a critical flaw in the Internet's Domain Name System was first reported, vendors of some of the most widely used firewall software are scrambling to fix a problem that can essentially undo part of the patches that address this bug.
The DNS flaw affects server software made by many vendors, including Microsoft, Cisco Systems, and the Internet Systems Consortium.
Some firewall software undoes a source port randomization feature that was introduced in the DNS patches. While this change doesn't completely negate the DNS patch, it could make it easier for attackers to pull off a cache-poisoning attack against the DNS server, security experts say.
This could lead to virtually undetectable phishing attacks against users of those DNS servers.
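A way to check a patched resolver for the de-randomization described above, added here as an example and not taken from the article or any vendor: compare the UDP source ports of the resolver's outbound queries as captured inside and outside the firewall. The function names, thresholds and sample ports are assumptions constructed for illustration.

```python
import statistics

def assess_source_ports(ports, min_samples=10):
    """Classify UDP source ports of a resolver's outbound DNS queries.

    `ports` must be in arrival order. To see what the firewall did, use a
    capture taken OUTSIDE it; the resolver's own view cannot show rewrites.
    Thresholds are illustrative assumptions, not a standard.
    """
    if len(ports) < min_samples:
        raise ValueError("too few samples to judge randomness")
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # Fraction of consecutive queries whose port repeats or steps up slightly.
    stepwise = sum(d <= 16 for d in deltas) / len(deltas)
    spread = statistics.pstdev(ports)
    if len(set(ports)) == 1:
        verdict = "fixed"        # every query leaves from one port
    elif stepwise >= 0.8:
        verdict = "sequential"   # typical of a NAT allocating ports in order
    elif spread < 3000:
        verdict = "narrow"       # varies, but only within a small range
    else:
        verdict = "randomized"
    return {"verdict": verdict, "distinct": len(set(ports)),
            "stdev": round(spread, 1)}

def randomization_undone(inside, outside):
    """True when the resolver randomizes but the firewall rewrites it away."""
    return (assess_source_ports(inside)["verdict"] == "randomized"
            and assess_source_ports(outside)["verdict"] != "randomized")

# Constructed samples: the same 12 queries seen on each side of a firewall.
INSIDE = [51234, 10293, 44871, 2931, 60012, 33987,
          18820, 47655, 7342, 58219, 25001, 39476]
OUTSIDE = list(range(1024, 1036))  # ports rewritten in order by the firewall

if __name__ == "__main__":
    print("inside :", assess_source_ports(INSIDE))
    print("outside:", assess_source_ports(OUTSIDE))
    print("randomization undone by firewall:",
          randomization_undone(INSIDE, OUTSIDE))
```
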