Massive, coordinated DNS patch released

ronjor · #1 July 8th, 2008, 05:07 PM

Quote:

On Tuesday, a security researcher responsibly disclosed a fundamental flaw within the Domain Name System (DNS), the addressing scheme behind the common names used on the Internet.

Dan Kaminsky, director of penetration testing services for IO Active, found the flaw earlier this year. Rather than sell the vulnerability, as some researchers have done, Kaminsky decided instead to gather the affected parties and discuss it with them first. Without disclosing any technical details, he said, "the severity is shown by the number of people who've gotten onboard with this patch."

He declined to name the flaw because it would give away details.

More.....

ronjor · #2 July 8th, 2008, 08:12 PM

Researcher offers insight into DNS flaw

Quote:

At Tuesday's press conference, Kaminsky refused to provide details about the flaw, preferring to give additional vendors and administrators affected at least 30 days to create or implement the patches.

But within the conference call, during the question-and-answer session, some details and clarifications emerged.

More

axial · #3 July 9th, 2008, 06:04 PM

On the NetworkWorld article about the issue there's a link to Kaminsky's page with a DNS checker, would both links be appropriate to post here?

ronjor · #4 July 9th, 2008, 06:09 PM

That will be okay.

axial · #5 July 9th, 2008, 06:11 PM

NetworkWorld article http://www.networkworld.com/news/200...net.html?t51hb

Kaminisky's DNS checker: http://www.doxpara.com/

Thanks, Ron.

tlu · #6 July 31st, 2008, 12:26 PM

Quote:

Originally Posted by axial

Kaminisky's DNS checker: http://www.doxpara.com/

Another one (that doesn't require Javascript) is https://www.dns-oarc.net/oarc/services/dnsentropy

Rasheed187 · #7 August 3rd, 2008, 10:09 AM

You know what I don´t understand? Why did it needed to be patched on client PC´s? I´m talking about the fix that screwed up ZoneAlarm. I mean you would think that only the DNS servers needed patching, can ayone explain?

huangker · #8 August 3rd, 2008, 03:08 PM

The problem is in the DNS server not client so it is not related to ZA on your system.

Huupi · #9 August 4th, 2008, 03:37 AM

From what i have read about the flaw OpenDNS is not affected,good reason to install it. http://www.opendns.com/

tlu · #10 August 4th, 2008, 05:33 AM

Quote:

Originally Posted by huangker

The problem is in the DNS server not client so it is not related to ZA on your system.

That's not quite correct - see, e.g., the example here or here. As a matter of fact the client libraries of Windows and all Linux and BSD distributions have been patched in the meanwhile - but NOT Apple! Their client libraries still aren't patched, i.e., they haven't implemented randomization of the query ID and the source port yet.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search