DNS software hole allows Web attacks

Security experts last week scorned Microsoft for having all four of its Domain Name System servers on a single subnet -- a weakness that became clear after a router configuration error knocked out the company's Web sites, including Microsoft.com, MSN.com and Expedia.com, for nearly 24 hours beginning Tuesday night.

Microsoft temporarily fixed the problem, only to find its sites unavailable intermittently on Thursday and Friday as hackers launched a pair of denial-of-service attacks.

Well, it turns out Microsoft isn't alone in its DNS troubles.

Men & Mice, a DNS software maker and consultancy based in Iceland, checked the Web site setup of 978 of the Fortune 1000 companies over the weekend and found 25% didn't pass muster.

As if that's not enough to make some folks question their DNS setups, security experts announced that there is a serious flaw in a DNS server that's widely used by enterprises. Two versions of BIND -- Berkeley Internet Name Domain, which is distributed for free by the Internet Software Consortium (ISC), contain a vulnerability that could let hackers take control of DNS servers and steal data. A fix is available on ISC's Web page.

Vitts to continue operating past February

Going, going . . . not gone. Last week, competitive local exchange carrier Vitts Networks said it's closing shop and will no longer serve its 20,000 New England customers. This week, the company says it's not closing, thanks to funding that will keep the troubled CLEC afloat past Feb. 28, the once-cited closing date.

Ariba to acquire Agile for $2.55 billion

Business-to-business e-commerce software developer Ariba Monday announced it is buying collaborative software developer Agile Software in an all-stock deal worth around $2.55 billion.

HP to lay off up to 1,770 staff by May

Hewlett-Packard Monday announced that it is thinning its marketing staff by up to 1,770 people, or 2% of its 85,500 employees. The layoffs are attributed to continuing restructuring efforts.

This story, "DNS software hole allows Web attacks" was originally published by Network World.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon