Slashdot Mirror

← Back to Stories (view on slashdot.org)

Paul Vixie Responds To DNS Hole Skeptics

Posted by kdawson on from the be-afraid-be-very-afraid-then-get-patching dept.

syncro writes "The recent massive, multi-vendor DNS patch advisory related to DNS cache poisoning vulnerability, discovered by Dan Kaminsky, has made headline news. However, the secretive preparation prior to the July 8th announcement and hype around a promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference has generated a fair amount of backlash and skepticism among hackers and the security research community. In a post on CircleID, Paul Vixie offers his usual straightforward response to these allegations. The conclusion: 'Please do the following. First, take the advisory seriously — we're not just a bunch of n00b alarmists, if we tell you your DNS house is on fire, and we hand you a fire hose, take it. Second, take Secure DNS seriously, even though there are intractable problems in its business and governance model — deploy it locally and push on your vendors for the tools and services you need. Third, stop complaining, we've all got a lot of work to do by August 7 and it's a little silly to spend any time arguing when we need to be patching.'"

7 of 147 comments (clear)

  1. I'm not worried by niceone · · Score: 5, Funny

    I just remember the IP addresses and type them in myself. How hard is that?

    --
    ccalam - acoustic versions of new songs.
    1. Re:I'm not worried by Klaus_1250 · · Score: 5, Funny

      Why is that hard? Still works with IP-addresses. The only thing you need to do is to supply the Host-field as per HTTP/1.1.

      --
      It only takes one man to change the Wisdom of the Crowd to Tyranny of the Masses.
    2. Re:I'm not worried by Nullav · · Score: 5, Funny

      Hey!
      I am an unpatched DNS server, you insensitive clod!

      --
      I just read Slashdot for the articles.
  2. The back-biting is shameful by hal9000(jr) · · Score: 5, Insightful

    this article at information week said it best the day after the announcement.

    Geez, if you want responsible disclosure, you have to trust the experts when they say "it's new and it's bad"

  3. Doctors make the worst patients by wild_quinine · · Score: 5, Insightful
    ... and IT admins make the worst end users.

    Knowing how to run a system is not purely technical knowledge, it's also a measure of professional ability. That means knowing when to take advice, and knowing who to take it from.

  4. Re:What is Secure DNS by Anonymous Coward · · Score: 5, Informative

    "The Domain Name System Security Extensions (DNSSEC) are a suite of IETF specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers):

            * Origin authentication of DNS data.
            * Data integrity.
            * Authenticated denial of existence."

    http://en.wikipedia.org/wiki/DNSSEC

  5. Re:Unfortunately, what else is new? by danFL-NERaves · · Score: 5, Funny

    Your mad ad hominem attack skills have convinced everyone that Paul Vixie is the know nothing douchebag in this conversation. Kudos!