Thanks to this information being released on the Internet before everyone could get their systems fixed, the first attacks using this flaw are being seen in the wild (on the Internet). Yesterday, James Kosin announced on his blog that the attacks are starting and it's time to patch or upgrade now. Websense also announced the same thing with a security alert.
Impromptu research by Kaminsky reveals that as of yesterday just over 50 percent of the unique name servers are vulnerable to this attack. On July 9th, roughly 85 percent of the unique name servers were vulnerable. Undoubtedly, there are a lot of computer security types working this weekend.
Individual users, who have their systems set for automatic updates probably will receive the patch as soon as it is released by their provider. Please note that older systems might still be vulnerable until they are updated.
I guess the best thing for us "little people" to do is to make sure our systems are updated. I would recommend doing it manually if you aren't set up for automatic updates.
Further details of this will be covered by Kaminsky at the upcoming Black Hat Conference scheduled on August 6th.
Article comments