A serious flaw in the basic systems of the internet has been uncovered. This means that the process used to convert URLs into IP addresses can be manipulated with malicious intent, causing websites to crash.
A networking expert at Sucuri, Daniel Cid, says hackers are already making use of the bug, which lies in the very architecture of the internet itself.
The flaw makes so-called denial-of-service attacks possible on major internet sites.
Services could be forced offline
A hacker who uses the exploit could force internet services offline, although end users are highly unlikely to be personally attacked.
The system affected is Bind, which is a type of Domain Name System (DNS) software that the majority of internet servers use.
The developer of Bind, The Internet Systems Consortium (ISC), commented on Twitter that the flaw was “particularly critical” and “easily exploited”.
Although a patch is available, many systems have not yet applied the update.
A spate of attacks is expected in the next few days as news of the vulnerability spreads.
Cybersecurity expert Brian Honan explained that websites could be accessed using cached data even after the patch has been applied.
However, the effect of this on general internet users isn’t likely to be severe.
“It’s not a doomsday scenario, it’s a question of making sure the DNS structure can continue to work while patches are rolled out,” Honan said.
Cid, who originally blogged about the issue, confirmed: “Average internet users won’t feel much pain, besides a few sites and email servers down.”