Last Updated: 2008-07-30 21:20:49 UTC
by David Goldsmith (Version: 1)
Ok, we have a confirmed instance where the DNS cache poisoning vulnerability was used to compromise a DNS server belonging to AT&T. This PCWorld article covers the incident. The original article makes it sound as though the Metasploit site was 'owned' by this incident when really the issue was that the AT&T DNS server was compromised and was providing erroneous IP addresses to incoming queries. This updated PCWorld article clarifies the first one.
Additional details can be found in this Metasploit blog post.
So we've moved from "the bad guys are out there" past "the invaders are at the gate" and on to "the bad guys are slipping inside". If your organization has not yet patched your DNS servers (see here) , please do so now.
We may be raising our InfoSec status to yellow soon to help raise attention to the serious nature of this issue.