The BBC and other main stream media websites have been covering this issue today.
Dan Kaminsky found the issue 6 months ago and has managed to get the world’s biggest companies to work together to issue patches and fixes.
The “Issue” in question is a serious vulnerability in the world’s DNS system, as yet unpublished, which essentially meant that your requests for websites could have been redirected at will by hackers.
I’m desperately trying to highlight that this issue has been fixed, or is being fixed… and trying and not turn it into a Daily Mail style hackers-are-going-to-steal/knife-your-children post.
Dan Kaminsky’s niece manages to explain the issue rather well..
Getting back to Dan and his efforts. He was also able to convince Yahoo to publicly ditch an unpatchable system (BIND 8). Yahoo are the world’s biggest user of BIND 8 so this is a massive undertaking and highlights the seriousness of the issue.
Dan Kaminsky has not yet published the issue and to quote directly from his website he is asking for 30 days to get this in place.
…But I also want my family to be able to use the Internet in peace. I’m not asking for forever. I am asking about thirty days. I’ve done everything in my power to get the patches available, no matter the platform….
The family part of the quote in my mind cements the seriousness of the issue he has found.
He is also asking fellow security experts/hackers to not to try and figure out the issue and concentrate on fixing existing issues…another quote:
And so, I ask the open research community…assume I found nothing! Assume this is nothing but a stunt….
The last person to leave the internet please turn off the lights…