Web is in a BIND — serious flaw can throw sites offline

4 Aug 20158 Shares

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Having your DNS go down also means your email, HTTP and all other services will be unavailable

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Hackers are exploiting a serious flaw in the internet’s architecture. The BIND9 bug can take down domain name servers as well as email, HTTP and all other services.

BIND is one of the most popular DNS servers in the world. It comes bundled with almost every cPanel, VPS and dedicated server installation and is used by most DNS providers.

Last week the Internet Systems Consortium (ISC) team released a patch for a serious denial of service vulnerability (CVE-2015-5477) that allows a remote and unauthenticated attacker to crash the BIND (named) daemon, taking down a DNS server.

The bug allows hackers to crash the software and take DNS services offline, preventing URLs from working.

However, many systems have yet to be updated with the patch.

“Because of its severity we’ve been actively monitoring to see when the exploit would be live,” said Daniel Cid, a security researcher with Sucuri.

“We can confirm that the attacks have begun.

“DNS is one of the most critical parts of the internet infrastructure, so having your DNS go down also means your email, HTTP and all other services will be unavailable.”

Armageddon image via Shutterstock

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com