Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Downplaying Recent DNS Vulnerability

Posted by kdawson on from the it's-nothing-really dept.

Microsoft Watch writes "Microsoft downplays a recent DNS vulnerability in all Microsoft operating systems (XP, Vista, 2000, and 2003), claims Amit Klein, the security researcher who published the original vulnerability description (PDF) earlier this month. According to Klein, the description in Microsoft's Secure Windows Initiative blog entry is misleading, contains disinformation about the DNS transaction ID algorithm, and downplays the severity of the issue. Klein refutes Microsoft's claim that there is no way to reproduce the next transaction ID, given a series of observed transaction IDs. He shows that this is possible in his paper, which Microsoft had before publishing the SWI post, as well as on the series of data provided in the SWI blog itself."

7 of 93 comments (clear)

  1. If they cared by twitter · · Score: 1, Insightful

    they would fix it.

    --

    Friends don't help friends install M$ junk.

  2. two words by FudRucker · · Score: 3, Insightful

    damage control.

    --
    Politics is Treachery, Religion is Brainwashing
  3. Re:Unlikely, but... by Uncle+Focker · · Score: 5, Insightful

    Or rather than spending all that effort in trying to downplay it, they could just fix the vulnerability and stop all the would-be attackers in their tracks. Nah, that would make too much sense.

  4. two better words by gnutoo · · Score: 1, Insightful

    zero credibility

    That's what happens when you lie instead of fixing problems.

  5. Why is this news? by IchBinEinPenguin · · Score: 5, Insightful

    $DUDE finds vulnerability in $PRODUCT made by $VENDOR.
    $DUDE claims this is really serious and should be fixed at once.
    (optional) $DUDE does the Right Thing and tells $VENDOR about it so they can fix it before he goes public.
    $VENDOR replies that $DUDE's claims are overblown.
    Flamewar on /., lots of page hits, lots of add revenue, PROFIT!!
    (optional, much later) $VENDOR quietly fixes $PRODUCT.

  6. Re:Read the article? by SgtChaireBourne · · Score: 2, Insightful

    Dude, this is a technology forum. If you want politics or religion then go elsewhere. You see the slams on that company because not only can't it deliver, it goes through great acrobatics and effort to avoid delivering. Brand recognition cuts both ways, and in a technology forum if a company consistently and persistently for decades makes bottom of the line technology and is bad about fixes and causes trouble, then of course you will see 'anti-' view points: it's called experience.

    --
    Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
  7. Re:It's OK, really by ozmanjusri · · Score: 2, Insightful
    Isn't it amazing how often stories about Microsoft's failings get hijacked by drones accusing everyone of being Twitter.

    You'd almost think Microsoft marketing wants tech-savvy people to discuss anything but their defective products and poor support.

    --
    "I've got more toys than Teruhisa Kitahara."