Comments on: DNS: A flag day for the Internet? http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/ I love you. Wed, 25 Jan 2012 17:08:58 +0000 hourly 1 http://wordpress.org/?v=3.1.4 By: ${me:-whatever} » The Ultimate DNS Bug? http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-141102 ${me:-whatever} » The Ultimate DNS Bug? Thu, 17 Jul 2008 03:52:18 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-141102 [...] saw it on Chris Blizzard’s site and he links to the O’Reilly article about [...] [...] saw it on Chris Blizzard’s site and he links to the O’Reilly article about [...]

]]> By: Wes Felter http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-141027 Wes Felter Wed, 16 Jul 2008 21:49:17 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-141027 It's not a flag day since unpatched machines can still communicate with patched ones. It’s not a flag day since unpatched machines can still communicate with patched ones.

]]> By: Geek Alert: Dan Kaminsky on the DNS Bug of 2008 by OreillyMedia @ YouTube - mmb http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-141007 Geek Alert: Dan Kaminsky on the DNS Bug of 2008 by OreillyMedia @ YouTube - mmb Wed, 16 Jul 2008 19:51:24 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-141007 [...] via Christopher Blizzard » Blog Archive » DNS: A flag day for the Internet? [...] [...] via Christopher Blizzard » Blog Archive » DNS: A flag day for the Internet? [...]

]]> By: Michael Schurter http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-140994 Michael Schurter Wed, 16 Jul 2008 19:31:18 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-140994 Router vendor's should provide firmware updates to fix the DNS issue. I use Tomato firmware, and it released an update: http://www.polarcloud.com/tomato That being said, I personally wouldn't worry about it too much. ;) Router vendor’s should provide firmware updates to fix the DNS issue. I use Tomato firmware, and it released an update:

http://www.polarcloud.com/tomato

That being said, I personally wouldn’t worry about it too much. ;)

]]> By: blizzard http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-140993 blizzard Wed, 16 Jul 2008 19:24:54 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-140993 djb definitely had his day with this one. :) djb definitely had his day with this one. :)

]]> By: nossralf http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-140990 nossralf Wed, 16 Jul 2008 19:19:48 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-140990 Djbdns and PowerDNS don't suffer from this flaw, since they do proper source port randomization. It's, frankly, hilarious that Dan Bernstein has managed to write not only qmail but djbdns as well, and no one has yet to claim the $500 reward for exploits of either. Djbdns and PowerDNS don’t suffer from this flaw, since they do proper source port randomization. It’s, frankly, hilarious that Dan Bernstein has managed to write not only qmail but djbdns as well, and no one has yet to claim the $500 reward for exploits of either.

]]> By: makkara http://www.0xdeadbeef.com/weblog/2008/07/dns-a-flag-day-for-the-internet/comment-page-1/#comment-140987 makkara Wed, 16 Jul 2008 19:16:47 +0000 http://www.0xdeadbeef.com/weblog/?p=407#comment-140987 In case you are doing something valuable, you should be using technologies like SSL anyways. In this era of availability of proper CA signed certificates you are safe from DNS attacks. You will instantly notice if someone gets between you and your services as the browser warns you instantly about broken certificates. In case the attacker also is able to steal someone's private keys, a little DNS haxxoring is least of your problems in any case... And to think of it, many people have whined when Mozilla folks decided to make it less convenient to add exceptions about broken (most usually amateur self signed, but...) certificates. Sigh. In case you are doing something valuable, you should be using technologies like SSL anyways. In this era of availability of proper CA signed certificates you are safe from DNS attacks.

You will instantly notice if someone gets between you and your services as the browser warns you instantly about broken certificates. In case the attacker also is able to steal someone’s private keys, a little DNS haxxoring is least of your problems in any case…

And to think of it, many people have whined when Mozilla folks decided to make it less convenient to add exceptions about broken (most usually amateur self signed, but…) certificates. Sigh.

]]>