Slashdot Mirror


Massive, Coordinated Patch To the DNS Released

tkrabec alerts us to a CERT advisory announcing a massive, multi-vendor DNS patch released today. Early this year, researcher Dan Kaminsky discovered a basic flaw in the DNS that could allow attackers easily to compromise any name server; it also affects clients. Kaminsky has been working in secret with a large group of vendors on a coordinated patch. Eighty-one vendors are listed in the CERT advisory (DOC). Here is the executive overview (PDF) to the CERT advisory — text reproduced at the link above. There's a podcast interview with Dan Kaminsky too. His site has a DNS checker tool on the top page. "The issue is extremely serious, and all name servers should be patched as soon as possible. Updates are also being released for a variety of other platforms since this is a problem with the DNS protocol itself, not a specific implementation. The good news is this is a really strange situation where the fix does not [immediately] reveal the vulnerability and reverse engineering isn't directly possible."

2 of 315 comments

  1. Re:Oh cool! by Archangel Michael · Score: 1, Offtopic

    Not only that, it's been slashdotted.

    --
    Agent K: A *person* is smart. People are dumb, stupid, panicky animals, and you know it.
  2. Re:not that big of a problem by myowntrueself · Score: 0, Offtopic

    and install DJBDNS on a Linux box instead.

    I hope you don't also disable the MTA and install qmail instead...

    --
    In the free world the media isn't government run; the government is media run.