Slashdot Mirror

← Back to Stories (view on slashdot.org)

Kaminsky Bug Options Include "Do Nothing," Says IETF

Posted by timothy on from the doing-stuff-is-overrated dept.

netbuzz writes "Meeting in Minneapolis this week, the Internet engineering community is debating whether to aggressively fashion and apply fixes for the so-called Kaminsky bug in the DNS discovered this summer, or to simply let its threat stand as motivation for all to move with greater speed toward DNSSEC, which is considered the best long-term security solution. Problem with the latter approach is that DNSSEC has been in the works for a decade already, no one is confident it will be universally embraced, and the Kaminsky flaw is causing real problems today.

4 of 134 comments (clear)

  1. DNS by Anonymous Coward · · Score: 5, Funny

    TMBG37 GOES TO THE MARKET
            -or-
    DNS for fucking idiots.
    (NONE LIKE IT HOT!)
     
    1. TMBG37 tries to go to www.dildomall.com with his browsar.
            a. His local machine checks if he's been there recently
              and if it remembers the IP address.
            b. Let's assume (big assumption people), that TMBG37
              hasn't been buying any rubbery cocks of late (ha!),
              his computar connects to its local nameserver.
                    --> HELO MISTAR NAMESERVAR
                    <-- Oh fuck it's you :(
                    --> WHERE DO I BUY DILDOES?
                    <-- Shit kid I don't even want involved with that.
                    --> GIVE ME ADDRESS FOR www.dildomall.com!!!!!
                    <-- Fuck you. But fine, its nameserver is
                        ns1.bunghole.org, which is 69.69.69.69.
                    --> THANK YOU SIR
            c. His computer goes on to pester ns1.bunghole.org, via
              its IP address, which it got from the local nameserver.
                    --> OMG R U ns1.bunghole.org?
                    <-- Oh christ, I've heard about you :(
                    --> OMG PLZ WHAT IS www.dildomall.com !!!!?
                    <-- Leave me alone.
                    --> PLXX?????
                    <-- It's 37.37.37.37
                    --> OMG HHLUAHGLAUHGALUHGUH *SUCKING DICK*
    2. TMBG37 goes on to happily penetrate his anus with a dildo
      bought from www.dildomall.com, with the IP address 37.37.37.37.
      There are HTTP/1.1 issues involved here if it is using virtual
      hosting, but that's NEITHER HERE NOR THERE.

    1. Re:DNS by pleappleappleap · · Score: 5, Funny

      To know recursion, you must first know recursion.

  2. Re:How many legs does the Kaminsky bug have? by cstdenis · · Score: 5, Funny

    It's a space station. You don't need a vacuum cleaner. Just open a window.

    --
    1984 was not supposed to be an instruction manual.
  3. Misreported by Spazmania · · Score: 5, Informative

    I was in the meeting. As I recall, one gentleman, I'll repeat that, one gentleman from the audience of a few hundred got up and expressed the opinion that we should do nothing so as to spur DNSSEC deployment.

    There was rather more consensus for the view that we should avoid making quick hacks that might obstruct DNSSEC deployment since DNSSEC is currently the only approach on the table that we're reasonably sure ends the problem.

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.