Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive, Coordinated Patch To the DNS Released

Posted by kdawson on from the pretty-much-everybody dept.

tkrabec alerts us to a CERT advisory announcing a massive, multi-vendor DNS patch released today. Early this year, researcher Dan Kaminsky discovered a basic flaw in the DNS that could allow attackers easily to compromise any name server; it also affects clients. Kaminsky has been working in secret with a large group of vendors on a coordinated patch. Eighty-one vendors are listed in the CERT advisory (DOC). Here is the executive overview (PDF) to the CERT advisory — text reproduced at the link above. There's a podcast interview with Dan Kaminsky too. His site has a DNS checker tool on the top page. "The issue is extremely serious, and all name servers should be patched as soon as possible. Updates are also being released for a variety of other platforms since this is a problem with the DNS protocol itself, not a specific implementation. The good news is this is a really strange situation where the fix does not [immediately] reveal the vulnerability and reverse engineering isn't directly possible."

3 of 315 comments (clear)

  1. My first response is to call Bullshit by BobMcD · · Score: -1, Troll

    I'm just distrustful, and I know that, but let's count the red flags on this one:

    1) Un-named vulnerability

    2) Un-disclosed patch content

    3) DHS

    4) All vendors working in concert

    This is spooky as hell to me. Is it even possible for a single vulnerability to affect EVERY OS EVERYWHERE at once? That's uncanny, if it really is the case.

  2. Re:not that big of a problem by Anonymous Coward · · Score: -1, Troll

    Moron. You buy a router with a caCHING nameserver then disable it to run some backwater voodoo from a net-kook. For this you were modded interesting?

    Moderators asleep at the wheel today?

  3. Re:Let the DJBing begin! by Anonymous Coward · · Score: -1, Troll

    Uhm...

    DJB-ware is now in _public_ _domain_. That's even more liberal than the BSD license.

    So, update your /etc/hate file with newer facts...

    Except that the definition of "public domain" is very much up for debate, and is quite context-sensitive (e.g., location, etc.), so the actual implications of using, extending, or modifying the software aren't even close to as well-defined as if one were to use the "conservative" BSD license.