Companies rushed to upgrade DNS software after warnings were issued in late January about a flaw in widely used DNS software. In the past weeks, however, upgrading has come to a halt, concludes Reykjavik, Iceland-based DNS consultancy and software firm Men & Mice.

Men & Mice tested the DNS systems for the Web sites of Fortune 1000 companies and random dot-com domains at set dates after the alerts were released. The results were made public on the company's site. The Computer Emergency Response Team (CERT) at Carnegie Mellon University, meanwhile, said this week that it has begun receiving reports of BIND (Berkeley Internet Name Domain) holes being successfully exploited.

BIND, distributed free by the Internet Software Consortium (ISC), is software run by companies and ISPs to translate text-based Internet addresses into numbered IP addresses. Versions including both 4.9.x prior to 4.9.8 and 8.2.x are not secure, according to the CERT.

The day after the CERT and Network Associates' PGP security subsidiary sent out the warnings, 33.3 percent of Fortune 1000 sites were using a bad version of BIND and 40.27 percent of dot-coms were vulnerable. A week later, the figures were down to 17.4 percent and 16.73 percent, respectively, Men & Mice said.

After the big drop, which Men & Mice attributed to the "extensive media coverage" about the issue, the pace of companies updating DNS software fell off sharply. The latest tests, run on Feb. 21, showed that 12.4 percent of Fortune 1000 companies and 13.1 percent of dot-coms were still using insecure DNS software.

Men & Mice ran a similar test for DNS software used in the national domains of Germany (.de) and Switzerland (.ch) and the United Kingdom's commercial domain (.co.uk). Software for those domains was updated, but 15.29 percent of DNS servers in Germany, 11.54 percent in Switzerland, and 9.87 percent of the U.K.'s commercial domain remained vulnerable as of Feb. 21.

A patch to fix the problem is available on ISC's Web site at http://www.isc.org.