[Sysops-list] [SANOG] Re: Fwd: US-CERT Technical Cyber Security Alert TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
Nitin Sharma
nitinics at gmail.com
Thu Jul 24 00:59:10 EDT 2008
On Tue, Jul 22, 2008 at 5:07 AM, Bipin Gautam <bipin.gautam at gmail.com> wrote:
> Its time to patch.......... really!!! :)
>
> -----------------------------------------------------------------------------
> Reliable DNS Forgery in 2008: Kaminsky's Discovery
> Originally posted by Matasano Chargen
>
> The cat is out of the bag. Yes, Halvar Flake figured out the flaw Dan
> Kaminsky will announce at Black Hat.
>
>
Read Halvar Flake's blog post on Dan's "No Speculation Please" request
at http://addxorrol.blogspot.com/
Dan clearly mentioned: (http://www.doxpara.com/ )
1) Yes, I'm doing a webcast with Black Hat on the 24th
2) No, I'm not releasing the exploit early.
In the meanwhile, he has a "Check My DNS" link at his blog to find if
the DNS server you're using is vulnerable. And you might find couple
reverse engineered scripts and dig queries from couple other authors
as well at http://www.isc.org/sw/bind/docs/Vulnerability_Discussion.pdf
Well , i am waiting for the webcast, while you guys stay secure!
More information about the Sysops-list
mailing list