“Because of its severity we’ve been actively monitoring to see when the exploit would be live,” Daniel Cid, founder and CTO of security firm Sucuri said in a blog post. He went on to point out that with the DNS server being such a major component of the Internet’s infrastructure, any downing of them on a large scale could see people’s ability to not only visit certain sites disappear, but could also affect email accounts.
Related: Logjam HTTPS exploit downgrades security to get at your data
Fortunately for those only just now discovering the problem, there is a simple fix. A patch was recently released that corrects the issue (available via Ars) and is currently the only method available to shore up a server’s defenses.
There is a method to discover if your server has been affected by the bug. To do so, check your logs for any mentions of “ANY TKEY.” If that turns up, chances are the DNS has been affected.
In reality, searching the logs for any mention of a TKEY request isn’t a bad plan, since they are not a common occurrence and are likely to indicate the exploitation of the security loop hole.
Keeping software up to date is always the best practice for protecting systems, but it’s not always easy with the way these flaws pop up.
