Extra Feeds & Services »

Home / News

Widespread Vulnerabilities in Programs Using OpenSSL, Bind Security Patch Released

  • Jan 09, 2009 4:19 PM PDT
  • Comments: 0
  • Views: 1,463
Print Comment
Netcraft

New vulnerabilities have been discovered in multiple programs using OpenSSL, one of the standard cryptography libraries on Linux and Unix systems. Due to a common mistake in checking return values from functions checking digital signatures, several programs may be vulnerable to spoofing of digital signatures.

The most important affected program is ISC Bind, which is the most widely used DNS server on the internet. A flaw in its validation of signatures on DNSSEC replies means that the server may be vulnerable to DNS spoofing attacks even where DNSSEC is in use. ISC has released BIND 9.6.0-P1 to fix this bug.

Read full story: Netcraft

Related topics: DNS, DNSSEC, Security

Get a weekly summary of postings to CircleID:

 Master Feed (more feeds)      Twitter      Mobile
Bookmark / Email This Post
Print Comment

Comments

To post comments, please login or create an account.

Related Blogs

Just Say No, to Your ISP Subverting Your DNS Queries

  • Jun 25, 2009
  • Comments: 4

The Proxy Fight for Iranian Democracy

  • Jun 22, 2009
  • Comments: 2

No Honor Among Thieves on the Internet

  • Jun 18, 2009
  • Comments: 0

Most Popular Invalid TLDs Should Be Reserved

  • Jun 18, 2009
  • Comments: 2

Why Not an Interim Step Until DNSSEC is Ready?

  • Jun 18, 2009
  • Comments: 19
View More

Related News

US Teaming Up With Italy to Combat Cybercrime

  • Jun 30, 2009
  • Comments: 0

Trojans Fastest Growing Category of Data-Stealing Malware

  • Jun 30, 2009
  • Comments: 0

US Continues to Lead As Top Country Hosting Phishing Attacks

  • Jun 29, 2009
  • Comments: 0

Gary Warner: We Are Well Past Time to Declare a Spam Crisis in China

  • Jun 29, 2009
  • Comments: 4

SPECIAL: Updates from the ICANN Meetings in Sydney

  • Jun 26, 2009
  • Comments: 0
View More

Industry Updates – Sponsored Posts

Latest Brandjacking Index Examines How Fraudsters Abuse Financial Brands

NeuStar Addresses DNS Vulnerability with Cache Defender, a Secure DNS Authentication System

NeuStar Celebrates 10 Years of UltraDNS Managed DNS Service

A Seemingly Overwhelming Number of Important Documents Released by ICANN

.ORG First Open Top-Level Domain to be Signed with DNSSEC

  • By PIR
  • Views: 868

DNSSEC Industry Coalition Symposium is Announced

  • By PIR
  • Views: 918

NeuStar's UltraDNS to Power Growth of NDTV Convergence

SPIL GAMES Chooses MarkMonitor for Global Domain Management

Facebook Selects MarkMonitor Antifraud Solutions to Combat Malware

MarkMonitor AntiFraud Solutions, Combining Proven Antiphishing and Expert Antimalware Capabilities

Identify Infringing Domains to Optimize Online Search Marketing Spend

Consider Planning Now for Internationalized Top-Level Domains

DNSstuff.com Offers Trusteer Rapport Product to Help Users Boost Their Defenses Against Online Fraud

MarkMonitor AntiFraud Solutions Combine Proven Antiphishing and Expert Antimalware Capabalities

DNSSEC Industry Coalition Meets with Vint Cerf and Dan Kaminsky

  • By PIR
  • Views: 857

COCC Partners with MarkMonitor for Anti-Phishing Services

The DNSSEC Industry Coalition Announces the Formation of Its Registrar Review Team

  • By PIR
  • Views: 937

ICANN Mexico City Meeting Brings a Significant Shift in Direction for Brand Rights Holder Issues

MarkMonitor Year-in-Review Report Finds Online Abuse of Major Brands Was a Growth Industry for Fraud

DNSSEC FUD Buster: DNSSEC Slows the Internet?

  • By PIR
  • Views: 1,207
View More