February 27th, 2009, 07:14 AM
How would someone determine if the DNS servers they use are vulnerable to this flaw?
In God We Trust....Everything else we backup.
February 27th, 2009, 12:26 PM
My take on it is that if you get "Great" as a rating you are not as vulnerable as you might be. Anything else and you certainly have problems.
Also the vulnerability checker link on this site (needs Java?)
And Steve Gibson?
February 27th, 2009, 03:19 PM
Personally, I would just flat out ask hosting companys to move domains around for me.
February 27th, 2009, 06:36 PM
OpenDNS tests great, as well as my ISP. I suspect most ISP's will test fine.
“Everybody is ignorant, only on different subjects.” — Will Rogers
February 28th, 2009, 03:01 AM
"Something of this scale... go ahead and go out, say that there is all these issues and to spin up all this press and all this hype. And to ask everyone to patch with no good technical details... this... this is the mark of bull."
-Dan Kaminsky at O'Reilly FOO Camp 2008.
February 28th, 2009, 04:47 AM
What Kaminsky actually said was (paraphrased):
So I guess that he was referring to the "not invented here" or "why didn't I discover that?" syndrome which is not uncommon amongst academics, intellectuals, and highly specialised technicians.
But I went out with no other hackers. And there was a lot of skepticism and there should have been. Because I've got to tell you -- something of this scale -- to go ahead and go out and say that there's all these issues and spin up all this press and all of this hype and ask everyone to patch with no good technical details. This is the mark of bull, this is -- it's so easy to make stuff up. If I'm doing it here, wouldn't anyone be able to do that?
Now I eventually remediated this to some degree by bringing in some of my loudest detractors, pulling them aside getting a con call and saying alright, guys, here's the deal. And, to their credit, Tom Ptacek's credit, Dino Dai Zovi's credit, they (went) ahead and they went online and said, 'Oh my God, we're in trouble.' I think the exact quote is, "Dan's got the goods."
Well, this is true. I kind of wish I didn't, 'cause it's a lot of responsibility, but yeah, I've got the goods. And on August 6, 2008 the goods are getting out. The bug is not going to last much longer. I don't even know if it's going to last until August 6th, frankly, based on the emails that I'm getting.
So this is my request to all of you in the room and this is my request to everyone watching this video. The DNS bug is real. I am not messing around here.
I am doing absolutely everything above and beyond what I ever thought was possible and a lot of people are cooperating well.
We need to fix this
. If it is a recursive nameserver that does lookups to names on the internet you must, must patch it, or you must, must decommission it.
Actually, I found his comment and some of the initial reaction he got rather surprising. I would have thought that the last thing that someone trying to establish or maintain a reputation in the security field would want to do would be to put their name to something that could be proven to be a load of hysterical bullcrap?
I certainly gave him the benefit of the doubt
Last edited by nihil; February 28th, 2009 at 07:16 AM.
February 28th, 2009, 09:52 AM
Yeah, ^thats^ a misquote.
*Presses his hands agianst his screen to cover Nihil's post*
By mmkhan in forum Web Security
Last Post: August 25th, 2004, 09:40 AM
By Tiger Shark in forum Network Security Discussions
Last Post: April 20th, 2004, 05:22 PM
By ragnfild in forum Miscellaneous Security Discussions
Last Post: August 9th, 2002, 02:27 PM