PDA

View Full Version : Re: Lesson From the DNS Bug: Patching Isn't Enough



nemo_outis
07-24-08, 11:19 AM
Anonymous Remailer <mixmaster@gpftor3.privacyfoundation.de> wrote in
news:401e1e48c15ac77e075ad323fb80339e@gpftor3.privacyfoundation.de:

> http://www.wired.com/politics/security/co




A copy (one of many!) of the leaked blog describing the DNS flaw is here:

http://blogs.buanzo.com.ar/2008/07/matasano-kaminsky-dns-forgery.html

Exploit code has already been published on Metasploit and elsewhere. See,
for instance:

http://www.caughq.org/exploits/CAU-EX-2008-0002.txt

Scary stuff!

Regards,

PS One dns server software implementation that is inherently immune to the
bug is here:

http://cr.yp.to/djbdns.html