Problems Reported with DNS Vulnerability Patch

Reports from IT directors and major IT suppliers indicate that the security hole in Internet Domain Name System servers is being patched -- but not everyone, nor every company, is responding quickly.

News of the flaw in some DNS servers was leaked to the public on July 8, catching many server administrators by surprise. The hope was that most servers could be patched and ready before the public became aware of the problem. But as a result of the leak, many servers worldwide remain vulnerable to attack.

Although no hacker software has yet been discovered that exploits the vulnerability, the potential exists for hackers to spoof the servers that translate domain names such as www.yourbank.com into network addresses, sending users to an illegitimate location. The flaw could allow malicious programmers to redirect requests for Web sites to bogus sites, potentially capturing personal data such as bank account information and passwords to legitimate Web destinations.

Who Is Patched and Who Isn't

Most American Internet service providers have corrected the problem by applying the patch, but some have yet to fully fix it. There is no concrete number for the servers that are affected, but worldwide estimates are in the hundreds of thousands. Comcast, Verizon, Microsoft and Cisco Systems are a few corporations that have gone on record as having completed the vulnerability patch.

According to some reports, PowerDNS, used by AOL and Deutsche Telekom, is immune from the flaw. Developed by a Dutch company of the same name, the software is open source. In a letter posted on the company's Web site, PowerDNS founder Bert Hubert says, "We're being approached from various angles about PowerDNS and the recently discovered DNS vulnerability. To clear up any possible confusion, I'd like to state that since 2006, PowerDNS has not been vulnerable for the issue reported ... In fact, we've been warning the DNS community...