Securing DNS From The Roots Up
jeffy124 writes: "This article at ComputerWorld tells the story of how ICANN would like to replace the root DNS systems with secured servers. Lars-Johan Liman, one of the root operators, spoke about the concept at ICANN's annual meeting today. He discussed how the world's current redundant DNS system is vulnerable to DDoS attacks and yet-to-be-discovered root holes in BIND that can ultimately undermine the entire Internet by taking away the name-IP mappings that are relied upon by just about everyone."
- Sun has a horrendous response time on vulnerabilities in Solaris. One study I read said that the average "exposure time" between an exploit release and a corresponding patch release was about 40-50 days. It's no wonder so many Solaris boxes get cracked, given their relative obscurity.
- Linux has such advanced features as POSIX capabilities, a working chroot() syscall that actually isolates processes, and safe privilege bridging mechanisms. Commercial UNIces have none of these. They allow Linux admins to use a much more fine-grained security model to control potentially rogue processes like BIND.
- Linux (except for SuSE) has far fewer setuid programs. On most UNIX systems, ps, whodo, netstat, xlock, and several other ridiculous programs are either setuid root or setgid kmem. Yes, even on OpenBSD. No wonder they have local root exploits so often.
- Linux has proper restrictions on signal passing. Other UNIces can be tricked into delivering malicious signals through several ioctl calls. (I have a Solaris source code license and I have seen several areas where more checking needs to be done. Sun ignores my complaints.)
Commercial UNIX operating systems do have some scalability advantages over Linux when run on big iron (64+ processor) machines. But when the integrity of the DNS system is at stake, there is no choice other than Linux.
~wally
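The setuid/setgid point in the comment above can be checked on any host by auditing for set-id files. The following is an added example, not part of the original thread: it walks a directory tree, reports regular files that carry the setuid or setgid bit, and compares them with an approved list. The function names, the sample file names and modes, and the allowlist are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

def audit_setid(root):
    """Return sorted (relative path, kind, uid, gid) for set-id regular files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: judge the link itself, never its target
            if not stat.S_ISREG(st.st_mode):
                continue
            kinds = []
            if st.st_mode & stat.S_ISUID:
                kinds.append("setuid")
            # setgid without group-execute marks mandatory locking, not privilege
            if st.st_mode & stat.S_ISGID and st.st_mode & stat.S_IXGRP:
                kinds.append("setgid")
            if kinds:
                rel = os.path.relpath(path, root)
                findings.append((rel, "+".join(kinds), st.st_uid, st.st_gid))
    return sorted(findings)

def unexpected(findings, allowlist):
    """Paths carrying a set-id bit that the admin has not approved."""
    return [f[0] for f in findings if f[0] not in allowlist]

def build_sample_tree():
    """Constructed sample tree; file names and modes are illustrative only."""
    root = tempfile.mkdtemp(prefix="setid-audit-")
    os.mkdir(os.path.join(root, "bin"))
    modes = {"ps": 0o4755, "netstat": 0o2755, "ls": 0o0755, "lockfile": 0o2644}
    for name, mode in modes.items():
        path = os.path.join(root, "bin", name)
        with open(path, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chown(path, -1, os.getegid())  # own group, so the setgid bit is kept
        os.chmod(path, mode)
    os.symlink("ps", os.path.join(root, "bin", "xlock"))  # must not be reported
    return root

if __name__ == "__main__":
    tree = build_sample_tree()
    found = audit_setid(tree)
    for rel, kind, uid, gid in found:
        print(f"{kind:8} uid={uid} gid={gid} {rel}")
    print("not on allowlist:", unexpected(found, {"bin/ps"}))
```

Pointed at a real tree such as `/usr`, the uid and gid columns show which entries run as root or as a privileged group, which is the part of the output worth reviewing first.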