I assume most of you have heard about the recent BIND/MS DNS updates to somewhat address a new DNS spoofing attack vector discovered by Dan Kaminsky.
What you may not have heard is that the Unix stub resolver, part of glibc, is also vulnerable. Does anyone know if/when glibc will be patched against this? Until it is, you should disable nscd (the stub resolver's caching daemon) if you're using it. (Also disable any other DNS caching routine you have running until the problem is addressed by the vendor - too bad Mac users really can't do this.) This will reduce your exposure, although not as much as using a patched stub resolver would. Chris Buxton Professional Services Men & Mice -- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
