On 28 Jul 2008, at 12:08, Norberto Bensa wrote:
Quoting Dan Farrell <[EMAIL PROTECTED]>:
Dan Kiersky's own description, and web-based nameserver checker:
http://www.doxpara.com/
Alternate web-based nameserver checker (recommended by me! )
https://www.dns-oarc.net/oarc/services/dnsentropy
I don't get these tests. Why do they probe _my_ IP and not the IP
of my DNS servers? What's the point on probing me if _maybe_ the
servers are not patched?
Wild guess: the problem is with the client mode of operation. DNS
servers are affected because their clients to the root name-servers.
I think this vulnerability highlights the issue of using servers that
you TRUST.
It applies to other vulnerabilities, too. It doesn't matter if you
revoke your SSH key and upload it to OpenForge if the OpenForge
server itself is trusting an insecure SSH key, and an attacker can
use it to get at your account that way.
Stroller.
