Free Republic

Russian researcher claims vulnerabilities can be exploited in less than a day, but others disagree... Patches meant to fix a flaw in the Internet's Domain Name System (DNS) don't completely protect the Web's traffic cop from attack, a Russian research claimed Friday. The head of the non-profit that maintains the most commonly used DNS software, however, said there was little to worry about. In a blog post , Russian researcher Evgeniy Polyakov said he had created an exploit able to insert bogus routing information into systems running the most-up-to-date version of BIND (Berkeley Internet Name Domain), the popular open-source software...

Summary This document describes Security Update 2008-005, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website.For information about the Apple Product Security PGP Key, see "How to use the Apple Product Security PGP Key."Where possible, CVE IDs are used to reference the vulnerabilities for further information.To learn about other Security Updates, see "Apple...

Excerpt - SAN FRANCISCO (AFP)--Internet security researchers warned Thursday that hackers have caught on to a "critical" flaw that lets them control traffic on the Internet. ~ snip ~ "We are in a lot of trouble," said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution. "This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please. This is a big deal." ~ snip ~