On Sat, 09 Aug 2008 10:29:23 EDT, "Richard M. Smith" said:

> In a posting on his blog
> <http://tservice.net.ru/%7Es0mbre/blog/devel/networking/dns/2008_08_08.html>
> , the physicist, Evgeniy Polyakov, wrote that he had fooled the software
> that serves as the Internet's telephone book into returning an incorrect
> address in just 10 hours

Vixie said "11 seconds".  So the patch added a work factor of roughly 3,600,
rather than the 64K that *full* randomization would have added.  Or he just
got lucky and it happened to work in the first 5% of the attack...

But then, it was *known* that the patches merely made it harder to hit
the hole, and DNSSEC is needed to *totally* fix the issue.


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
