Hi Everyone, This is true but an old one. It's only now that it's highlighted because there were numerous victims already; 5-10 years back, this sounded absurd and the number of possible victims are lower in numbers). The point of the matter is that the whole internet infra wasn't designed for security; it was designed for collaboration when it started.
Originally (around 5 years ago or later), malware writers were motivated by prestige and pride (the more infection, the better the prestige in the cracking community); this has changed significantly - it's now driven by $$$$. I remember checking a malicious tool, that requires subscription because the developers offer technical support - that's how sophisticated they are nowadays! Finally, they do not attack by brute force and show their achievements; nowadays, it's by stealth. The reported incidents in the news, I believe that's only the tip of the iceberg. Mav On Fri, Aug 8, 2008 at 9:28 AM, Gabriel H. Mercado <[EMAIL PROTECTED]>wrote: > Just wanted to poll a few reactions if any, to the latest security threat > released (and averted). Article snippets: > * > **Web Doomsday Averted: Kaminsky* > Security researcher Dan Kaminsky argues that the recent DNS vulnerability > wasn't just hype: it could have destroyed the Web. > > LAS VEGAS -- The recent Domain Name System (define) caching flaw that had > security experts scrambling to protect the Web wasn't just hype. The > Internet as we know it was at risk, according to a security researcher Dan > Kaminsky. > > During a discussion on front of a packed hall at the Black Hat conference > today, Kaminsky detailed flaws in the system that translates domain names > into IP addresses, which he's been trying to hide for the last thirty days. > > In a 70-minute session with over 50 slides, Kaminsky explained in > excruciating detail the flaw in DNS and the myriad ways it could have been > exploited to destroy the Internet as we know it. > > Explanation in a nutshell: > > Each DNS request is supposed to carry with it a random number transaction > ID. But it turns out that the random number is only one out of 65,000 -- > much more than was needed. This is what vendors have patched. > > > Full article here: > http://www.internetnews.com/infra/article.php/3763631/Web+Doomsday+Averted+Kaminsky.htm > > what do you think? > > Gary > > > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- Regards, Maenard --------------------- "Ability is what you're capable of doing... Motivation determines what you do... Attitude determines how well you do it."
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
