[serverguy]

Saw this elsewhere and thought it was a bit scary

Quote:

tkrabec alerts us to a CERT advisory announcing a massive, multi-vendor DNS patch released today. Early this year, researcher Dan Kaminsky discovered a basic flaw in the DNS that could allow attackers easily to compromise any name server; it also affects clients. Kaminsky has been working in secret with a large group of vendors on a coordinated patch. Eighty-one vendors are listed in the CERT advisory (DOC). Here is the executive overview (PDF) to the CERT advisory — text reproduced at the link above. There's a podcast interview with Dan Kaminsky too. His site has a DNS checker tool on the top page. "The issue is extremely serious, and all name servers should be patched as soon as possible. Updates are also being released for a variety of other platforms since this is a problem with the DNS protocol itself, not a specific implementation. The good news is this is a really strange situation where the fix does not [immediately] reveal the vulnerability and reverse engineering isn't directly possible."

[4D(Fordy(Ford) Ollie]

sounds a bit April-the-first-y..?

I'm constantly baffled by new found information on the web, only to later find out it was posted on April 1, some years ago...

[thingie2]

Well I don't know if it's true that there is a serious flaw that makes it easy, but it is possible. I have read about people using it to re-direct to a website to gain passwords etc.

[serverguy]

No. It was true and patches were released to fix it very quickly. Most server admins had it installed within hours of it being released.

[computeruler]

am i safe now? i have opendns

[thingie2]

Yea, you should be, it will all be patched up now

[computeruler]

ok thats good