Lars Hecking wrote:
> Vincent Poy writes:
>
>> What about this since it seems even the patch is vulnerable to a degree:
>> http://www.theinquirer.net/gb/inquirer/news/2008/08/10/physicist-hacks-dns-patch
>>
>
> http://marc.info/?l=bind-users&m=121834710707369&w=2
>
The Inquirer should be slapped for this. All this "bored" physicist
accomplished was a brute-force attack over a high-speed connection. He
didn't expose any *new* vulnerability whatsoever. Yet, the Inq reports
it as "Alarmed insecurity experts warned the patch could be exploited to
redirect Internet traffic ...". No quotes, no attributions. Very
irresponsible.
(What's an "insecurity expert" anyway? An expert in feelings of inadequacy?)
- Kevin
