Another mad day at work!

Well the DNS security crisis continued today with more customers calling us in response to the CERT advisory that came out on Tuesday. Fortunately we are now able to offer a pre-release version of code that fixes it, but our vendor is saying it won’t have a full regression tested version available until late July! That’s potentially 3 weeks away.
I have since found out that the guy who "discovered" the problem has been co-ordinating with many vendors over the past 6 months to get the patches ready to address this problem, and he is going public with full details of how to exploit the vulnerability on August 6th at a hacker convention in Las Vegas. This means if some of our customers want to wait until the full GA version of code is available, they will only have 1 week in which to patch their servers before full details of the problem are fully disclosed (which will enable hackers to have full access to the vulnerability and devise ways to exploit it). As most of our customers are big FTSE 100 companies, they will struggle to patch their servers that quickly due to internal change control procedures, leaving their servers exposed to a potential hack (which will be much more likely after August 6th).
Maybe I should just take the first 2 weeks of August off on holiday! 🙂
This entry was posted in Computers and Internet. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s