TechRadar reports on the major issue, which originates in a piece of server software called Bind. Although most people will never have heard of it, Bind is used by the majority of Linux-based DNS servers to translate addresses such as “digitaljournal.com” into the numerical IP addresses of the physical servers hosting the site.
Bind is one of the oldest and most widespread software components in the Internet's infrastructure, so any issue found in it has to be taken seriously. Its correct operation is essential for the Internet to remain functional, but last week’s discovery of a gaping flaw in Bind’s little-used TKEY program has opened the floodgates to attacks.
As Ars Technica reports, a hacker can crash the domain name servers that Bind controls by using a single command, preventing web addresses from being routed to the correct servers. An attacker could choose whether to leave everything shut down — completely destroying the Internet — or could redirect legitimate traffic to their own web servers, serving up some malicious software instead of the expected webpage.
Daniel Cid, founder and CTO of security research firm Sucuri, wrote in a blog post that the attacks were already beginning. He said: “We can confirm that the attacks have begun. DNS is one of the most critical parts of the Internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable.”
An update for Bind that patches the issue is already available but not widely installed. It has to be applied manually and cannot be downloaded automatically, so it may take a while before all affected systems are secured.
Many server administrators are likely to leave their systems unprotected for some time, either due to lack of awareness or because installing the update requires a restart of all DNS servers under Bind’s control. The restart could lead to downtime during which a website would be inaccessible, but that is a much better alternative to allowing hackers to take complete control.