The Kaminsky DNS protocol issue may be the best candidate so far for the "Cyber 9/11."
IF it is as serious as the hype makes it sound (probable),
AND if it is widely exploited, causing major disruptions to Internet commerce (too soon to tell),
AND if the IETF, other standards bodies, and DNS implementers are unable to respond with effective mitigations in the protocol (seems likely given their current bickering over DNSSEC),
THEN we can expect to see some sort of major initiative to "secure the web" and impose technical solutions by legislation. Then the U.S. will go one way, the Chinese another, and the rest of the Internet will fragment into balkanized confusion.
Or the whole thing could just go away, like Y2K, and we will all wait for the next bullet.
Unfortunately most people on ADSL don't run their own name server, and instead use their ISP's nameserver.
I wouldn't be so sure about that. My DSL provider (Qwest) gave me an Actiontec router / firewall. Its internal DHCP server hands out the box's LAN IP 192.168.0.1 to clients as a DNS server. It appears to be a caching forwarder.
So most DSL users with these boxes are running their own DNS server, they just don't know it.
BTW, the Actiontec runs Busybox under the hood. I thought about hacking it but decided it wasn't worth the trouble and instead replaced its DHCP, DNS and WLAN AP functions with a Linksys WRT54GL running DD-WRT, leaving the Actiontec as just a gateway. This solved a major performance problem on the LAN.
Cheap shots and pr0n humor are easy, but the fact is that these people seriously want to overhaul the Internet Protocol and believe that they can do it by legislation. And much of the Utah congressional delegation seems to agree. This makes it both ignorant and dangerous.
The only defense against this is education - they need to understand how IANA and the IETF work, and push their stupid ideas there instead of to their legislators. Then they will get the appropriate technical treatment, and bluster about protecting the kids will be useless.