Forwarded from: jf <jf (at) danglingpointers.net> and 3 years before that djb pointed it out as well, its not coincidence that djbdns was not vulnerable. http://cr.yp.to/djbdns/forgery-cost.txt http://cr.yp.to/talks/2003.02.11/slides.pdf On Thu, 10 Jul 2008, InfoSec News wrote: > Date: Thu, 10 Jul 2008 03:25:36 -0500 (CDT) > From: InfoSec News <alerts (at) infosecnews.org> > To: isn (at) infosecnews.org > Subject: [ISN] Shocker DNS spoofing vuln discovered three years ago by a > student > > http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/ > > By John Leyden > The Register > 9th July 2008 > > A flaw in how the internet's addressing system works that sparked a > patching frenzy on Tuesday night may has first been uncovered by a > student as long as three years ago. > > Shortcomings in how the Domain Name System protocol is implemented by > multiple vendors facilitate DNS cache poisoning attacks, security > clearing house US CERT warned on Tuesday. Successful exploitation of > these security shortcomings creates a means for hackers to spoof DNS > replies, allowing for the redirection of network traffic or to mount > man-in-the-middle attacks. _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Fri Jul 11 2008 - 02:35:20 PDT
This archive was generated by hypermail 2.2.0 : Fri Jul 11 2008 - 02:47:36 PDT