The Last HITB Security Conference in Malaysia

Hands-on Technical Trainings - 13th & 14th October

http://conference.hitb.org/hitbsecconf2014kul/#tile_schedule

Triple-Track Conference - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/conference-speakers/

 

Capture the Flag - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/capture-the-flag/

HackWEEKDAY - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/hackweekday/

CommSec Village - 15th & 16th October

http://conference.hitb.org/hitbsecconf2014kul/commsec-village/

REGISTER ONLINE NOW

Mystery flaw crashing DNS servers across the internet

http://www.flickr.com/photos/volldamm/130672023/

Internet globeA zero-day vulnerability is causing BIND 9 DNS servers to crash across the internet. The flaw, described as an "as-yet unidentified network event", appears to be a denial of service vulnerability being exploited in-the-wild. The flaw affects all supported versions of BIND.

The internet Systems Consortium (ISC) have described the problem as follows:

    An as-yet unidentified network event caused BIND 9 resolvers to cache an invalid record, subsequent queries for which could crash the resolvers with an assertion failure...
    Affected servers crashed after logging an error in query.c with the following message: "INSIST(! dns_rdataset_isassociated(sigrdataset))

The cause of the crash is still under investigation but the ISC have reacted swiftly with a set of temporary patches that will prevent servers from crashing. There is no known workaround for the problem and BIND users are encouraged to upgrade.