-
August 16th, 2008, 10:22 AM
#1
DNS Flaw Not Resolved?
Seems the recent DNS patches are not a magic bullet:
The Internet remains vulnerable to exploits of a critical security flaw in the Domain Name System, a Russian programmer demonstrated last week. Writing on his blog on Friday, Evgeniy Polyakov posted that he had succeeded in getting patched DNS software to return an incorrect location in less than 10 hours.
That doesn't mean that the patches are valueless, but that more work is required on a solution.
OK, I don't think that we need worry about script kiddies and part-time criminals here, as the resources required are probably well beyond their means. Unfortunately, malicious activity on the internet has taken an increasingly professional criminal turn of late, and the pros certainly can afford it if the rewards are there for the taking.
Full article here:
http://www.crm-daily.com/story.xhtml...d=0300032O5BDC
-
August 17th, 2008, 09:58 PM
#2
The patch was never intended to fix this issue, just make it a lot more time-consuming to pull off. What this article fails to mention is that this was done over a Gigabit Ethernet connection. So you need a very fast link to the DNS server and for no one to notice that you flooded it. DNS is still a broken system security-wise, but what else is new. Doxpara has some great stuff on this whole mess minus the BS fear mongering. http://www.doxpara.com/?p=1215
-
August 18th, 2008, 09:29 PM
#3
What this article fails to mention is that this was done over a Gigabit Ethernet connection. So you need a very fast link to the DNS server
"So far, what Polyakov has managed to prove is that in a controlled test with highly powerful systems on a fast network, Dan Kaminsky's attack-vector window still exists and is about 10 hours in length,"
Seems you missed that bit?
minus the BS fear mongering.
OK, I don't think that we need worry about script kiddies and part-time criminals here, as the resources required are probably well beyond their means.
-
August 20th, 2008, 08:38 PM
#4
Why are people surprised when patches don't fix things that were never engineered for their current use? DNS is another Internet service that was never meant to be used in the capacity it currently serves. Until we stop bolting wings onto VW bugs and truly engineer purpose-built services, this stuff will never end.
There is your public service announcement for the day.
--Th13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden