Patched DNS servers still vulnerable to cache poisoning
By Dan Goodin in San FranciscoLarge swaths of the internet remain at risk from a potentially crippling vulnerability in the net’s address lookup system even after installing emergency patches, a researcher has warned.
Russian researcher Evgeniy Polyakov posted exploit code here, which he says allowed him to poison domain-name system servers running the most recent version of the Berkeley Internet Name Domain (BIND), the most popular software for translating domain names into numeric IP addresses. The attack, which poisons the records of domain-name system servers with incorrect information, could allow criminals to silently redirect millions of users to fraudulent websites that attempt to steal login credentials or install malware.
Russian cybercrooks turn on Georgia
By John Leyden
Conflict between Georgia and Russia on the ground has been accompanied by the relaunch of cyber-attacks against Georgian government websites.
The Georgian presidential (www.president.gov.ge) and other government websites (such as www.parliament.ge) were left inaccessible by assaults over the weekend, in a repeat of attacks in late July before tensions over the breakaway region of South Ossetia spilled over into armed conflict. The DDoS attack appears to be using a Russian malware variant from the Pinch family and a command and control server based in Turkey. Nationalist articles in Russian language papers are apparently inspiring Russia’s digital underground to get involved in assaults on Georgia’s web-facing systems.
Squish 3.4.1 released
Today the latest version of Squish was released.