Haya Schulman would have liked to wait a few more months before making public the “most blatant DNS attack ever.” To give those affected time to install the updates – after all, attackers could paralyze entire institutions. “A single internet request is enough, for example, to paralyze critical infrastructure such as hospitals or power plants for 16 hours,” says the researcher at the National Research Center for Applied Cybersecurity Athene in an interview with ZEIT ONLINE. But as soon as the last patch for the security hole was deployed on Wednesday and it was published in the Common Vulnerabilities and Exposures (CVE) database (CVE-2023-50387), the first inquiries started pouring in: What was going on? So she’s talking about it now – also because the attack shows how difficult security is in practice.

SOURCE