New products found vulnerable to DNS rebinding attacks
However, in recent months, things have started to change. Interest into DNS rebinding flaws from well-known security researchers like Google's Tavis Ormandy has re-brought this issue into the limelight.
Flaws have been discovered and fixed in products such as
Blizzard's Update Agent, the
uTorrent client, and the
geth Ethereum mining software.
One of the latest deep-dives into DNS rebinding attacks comes from Chicago-based Brannon Dorsey. Yesterday, he published his latest research on the matter, which included a study of some modern IoT equipment and how they handle a DNS rebinding attack.
To nobody's surprise, Dorsey found that most of the equipment he tested was vulnerable. For the past three months, he's badgered vendors to patch these issues and found no success until two members of the press got involved and also started asking questions on the topic. More below: