Slashdot Mirror


Massive, Coordinated Patch To the DNS Released

tkrabec alerts us to a CERT advisory announcing a massive, multi-vendor DNS patch released today. Early this year, researcher Dan Kaminsky discovered a basic flaw in the DNS that could allow attackers easily to compromise any name server; it also affects clients. Kaminsky has been working in secret with a large group of vendors on a coordinated patch. Eighty-one vendors are listed in the CERT advisory (DOC). Here is the executive overview (PDF) to the CERT advisory — text reproduced at the link above. There's a podcast interview with Dan Kaminsky too. His site has a DNS checker tool on the top page. "The issue is extremely serious, and all name servers should be patched as soon as possible. Updates are also being released for a variety of other platforms since this is a problem with the DNS protocol itself, not a specific implementation. The good news is this is a really strange situation where the fix does not [immediately] reveal the vulnerability and reverse engineering isn't directly possible."

7 of 315 comments

  1. Re:Oh cool! by brunascle · · Score: 5, Funny

    http://www.doxpara.com/

    Your name server, at 65.24.7.3, appears vulnerable to DNS Cache Poisoning.

    In fact, we aren't even www.doxpara.com, we just hacked your name server. That's how we know.

  2. Finally...! by JackassJedi · · Score: 5, Funny

    I'm (sort of) a native German speaker, in which "DNA" is abbreviated "DNS" ("DesoxyribonukleinsÃure" with "sÃure" being "acid").
    Needless to say, my first impression of the headline was way more futuristic than what is there.

    --
    Power corrupts the few, while weakness corrupts the many.
    1. Re:Finally...! by Koiu+Lpoi · · Score: 5, Funny

      "sÃure"

      Welcome to the fail that is "no unicode on slashdot". Enjoy your stay.

  3. Re:More independent verification needed by dvice_null · · Score: 5, Funny

    > Microsoft's own DNS implementation is also affected

    Did anyone else notice that today is Tuesday?

  4. Re:Let the DJBing begin! by Cyberax · · Score: 5, Funny

    Uhm...

    DJB-ware is now in _public_ _domain_. That's even more liberal than the BSD license.

    So, update your /etc/hate file with newer facts...

  5. Re:More independent verification needed by es330td · · Score: 5, Funny

    > it is good to have a sysadmin who can write programs in binary

    I'd like to meet one of these sysadmins. I've written system stuff in C and other stuff in Pascal, C++ and Perl over the years but the guy that can write direct to binary must really know his stuff. Just think, his keyboard only needs two keys!

  6. Re:More independent verification needed by QuantumRiff · · Score: 5, Funny

    No, it's binary, real men solder a telegraph device to the motherboard, and just push down for 1, up for 0, Really, really fast!

    --

    What are we going to do tonight Brain?