http://news.cnet.com/8301-1009_3-9998906-83.html By Robert Vamosi Security News.com July 24, 2008 In his first public comments since his Domain Name System (DNS) cache poisoning flaw was made public, Dan Kaminsky said in a conference call on Thursday he doesn't want to parse who said what when. He just wants everyone to understand that they must patch their systems now. Speaking during the second pre-Black Hat security conference Webinar, Kaminsky, who's director of penetration testing for IOActive, provided the most information to date about the DNS flaw he found earlier this year but only disclosed in public on July 8. DNS is what translates the common name of a Web site into its numerical IP address, and is therefore a fundamental component to the Internet. His announcement coincided with a massive, multivendor patch release. But he withheld details, hoping that most people would get their systems patched before the bad guys got a hold of it. Kaminsky said the word is getting out about the patches, but there are still many systems that are vulnerable. From the period of July 8 through July 13, 86 percent of the people testing their system on his Web site were vulnerable. Today it's 52 percent. "Not perfect; not even good enough," he said. But "I'll take 52 any day of week and twice on Sunday." [...] _______________________________________________ Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 40 hands-on training courses and 80 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Fri Jul 25 2008 - 05:31:37 PDT
This archive was generated by hypermail 2.2.0 : Fri Jul 25 2008 - 05:51:07 PDT