DNS

Update: Let’s Get Cyberphysical: Internet Attack shuts off the Heat in Finland

In-brief: a Distributed Denial of Service (DDoS) attack resulted in the loss of heating to two buildings in the city of  Lappeenranta in eastern Finland according to a report by local media, the latest example of downstream effects of cyber attacks on connected infrastructure. Editor’s note: updated with comment from Mr. Rounela, the CEO of Valtia.  11/8/2016

Attack on Managed DNS Firm Hobbles Twitter, Spotify, Others

In-brief: A sustained denial of service attack against Dyn, a provider of hosted domain name system (DNS) services hobbled some of the Internet’s most trafficked websites on Friday. Its source or intended purpose still aren’t known.

DNS-Linked Flaw Leaves Many Systems Vulnerable

In-brief: Researchers at Google are warning about a previously undetected flaw in a widely used open source library could be exploited by attacks using overly long web domain names.

Threats in 2014: Bears and Pandas and Malware – Oh My!

  In-brief: a report from the firm CrowdStrike finds sophisticated nation-backed hacking groups were very active in 2014, with attacks on governments, pro-democracy advocates as well as banks and retailers.

The Enduring Terribleness of Home Router Security Matters to IoT

Last week, home broadband router maker ASUS was the latest vendor to issue an emergency patch for a critical vulnerability in its products. This, after proof-of-concept exploit code was released for the so-called “Inforsvr” vulnerability that affects several ASUS home routers. That vulnerability -if left unpatched – would allow anyone with access to a home- or small business network that used an ASUS broadband router to, essentially, commandeer the device. The “infosvr” feature is typically used for device discovery by the ASUS Wireless Router Device Discovery Utility, but the service also allowed unauthenticated users to execute commands through it using the “root” permissions, according to researcher Friedrich Postelstorfer, who created a proof of concept exploit for the security hole and released it on January 4. The exploit code finally prompted a patch from ASUS on January 13. The company had spent months analyzing the issue and working on a fix. Patch aside, it has been a worrying month for the […]