DNS servers are the “yellow pages” or “phone book” of the internet.
whoever is running a DNS server gets to know all queries sent to it (which client is requesting, and probably connecting to, which address… basically: what websites the user has visited. this is very private, sensitive data, so DNS servers need to be trustworthy)
what DNS server should the user use?
“In June of this year, “Ripple20” (not only) shook the Internet of Things:
19 vulnerabilities in a TCP/IP stack for embedded devices made “hundreds of millions” of devices vulnerable, according to their discoverers.
Now, stack analysis by another team of researchers using fuzzing, a variant of automated software testing, and static code analysis has revealed 33 new vulnerabilities, three of which were rated critical.”
auto translated from https://www.heise.de/news/Amnesia-33-ein-Ripple20-Deja-vu-im-Open-Source-Gewand-4982063.html
- CVE-2020-24336 (CVSS score 9.8/“Critical”, RCE, uIP)
- CVE-2020-24338 (CVSS score 9.8/“Critical”, RCE, picoTCP)
- CVE-2020-25111 (CVSS score 9.8/“Critical”, RCE, Nut/Net)
- CVE-2020-25112 (CVSS score 8.1/“High”, RCE, uIP)
what to do?
developers need to look at the vulnerabilities and fix them, and vendors need to provide automatic updates to all devices
src of src: https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/