Kaminsky's DNS Attack Disclosed, Then Pulled

An anonymous reader writes "Reverse engineering expert Halver Flake has recently mused on Dan Kaminsky's DNS vulnerability. Apparently his musings were close enough to the mark to cause one of the Matasano team, who apparently already knew of the attack, to publish the details on the Matasano blog in a post entitled 'Reliable DNS Forgery in 2008.' The blog post has since been pulled, but evidence of it exists on Google and elsewhere. It appears only a matter of time now before the full details leak." Reader Time out contributes a link to coverage on ZDNet as well.

Re:The push for DNSSec

[afidel]

Are you saying there are STILL ISP's not doing egress filtering?!?!? That was known to be necessary back in the early-mid 90's. The fact that someone stupid enough to not do it today is allowed to peer is mind boggling.

Re:The push for DNSSec

[TheLink]

"also have the usual problems with crypto, i.e. establishing a "web of trust" (it's all very well if records under google.com are signed, but how do you know they're signed by Google?)."

Oh, I'm sure it'll require certs being signed by some CA.

Some CA that we can "trust" (to do the wrong thing). Go see what the CA companies really do. See who they are linked to, and who gets the $$$.

This DNSSec thing is such a great solution huh?