Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Downplaying Recent DNS Vulnerability

Posted by kdawson on from the it's-nothing-really dept.

Microsoft Watch writes "Microsoft downplays a recent DNS vulnerability in all Microsoft operating systems (XP, Vista, 2000, and 2003), claims Amit Klein, the security researcher who published the original vulnerability description (PDF) earlier this month. According to Klein, the description in Microsoft's Secure Windows Initiative blog entry is misleading, contains disinformation about the DNS transaction ID algorithm, and downplays the severity of the issue. Klein refutes Microsoft's claim that there is no way to reproduce the next transaction ID, given a series of observed transaction IDs. He shows that this is possible in his paper, which Microsoft had before publishing the SWI post, as well as on the series of data provided in the SWI blog itself."

3 of 93 comments (clear)

  1. Gates mocrosoft mind trick.. by s0litaire · · Score: 1, Funny

    Gates *waves his hand*:"This is not a flaw.." MS Drone user: "This is not a flaw" Gates: *ignore this* MS Drone user "I'll ignore this..." Evil cyber hacker : "WTF!! Another hole! I can't keep up!"

    --
    Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
  2. Re:RTFA by RiotingPacifist · · Score: 1, Funny

    shh, dont bring facts into a perfectly good microsoft bashing, the mods round here dont like that.

    --
    IranAir Flight 655 never forget!
  3. Re:Unlikely, but... by Divebus · · Score: 5, Funny

    Is it possible that Microsoft was downplaying it to lessen the effects? Microsoft will certainly take security to the next level:
      "Are you sure you want to poison the DNS stub resolver cache? Allow or Deny."
    That'll fix it.
    --

    Most of the stuff on /. won't survive first contact with facts.