It is legit but it doesn't matter whether its legit or hyped, there's no harm in patching/securing your DNS server, right?
On Thu, Aug 7, 2008 at 6:28 PM, Gabriel H. Mercado <[EMAIL PROTECTED]>wrote: > Just wanted to poll a few reactions if any, to the latest security threat > released (and averted). Article snippets: > * > **Web Doomsday Averted: Kaminsky* > Security researcher Dan Kaminsky argues that the recent DNS vulnerability > wasn't just hype: it could have destroyed the Web. > > LAS VEGAS -- The recent Domain Name System (define) caching flaw that had > security experts scrambling to protect the Web wasn't just hype. The > Internet as we know it was at risk, according to a security researcher Dan > Kaminsky. > > During a discussion on front of a packed hall at the Black Hat conference > today, Kaminsky detailed flaws in the system that translates domain names > into IP addresses, which he's been trying to hide for the last thirty days. > > In a 70-minute session with over 50 slides, Kaminsky explained in > excruciating detail the flaw in DNS and the myriad ways it could have been > exploited to destroy the Internet as we know it. > > Explanation in a nutshell: > > Each DNS request is supposed to carry with it a random number transaction > ID. But it turns out that the random number is only one out of 65,000 -- > much more than was needed. This is what vendors have patched. > > > Full article here: > http://www.internetnews.com/infra/article.php/3763631/Web+Doomsday+Averted+Kaminsky.htm > > what do you think? > > Gary > > > > _________________________________________________ > Philippine Linux Users' Group (PLUG) Mailing List > http://lists.linux.org.ph/mailman/listinfo/plug > Searchable Archives: http://archives.free.net.ph > -- http://jangestre.wordpress.com
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
