Secrecy and the DNS flaw
Posted Jul 10, 2008 18:10 UTC (Thu) by emk
In reply to: Secrecy and the DNS flaw
Parent article: Secrecy and the DNS flaw
I think enough has been published concerning the flaw so that white hats should by now know enough about the nature of it to remediate the vulnerability, without specific attack code having to be published before they have a chance to do so.
Just to clarify my earlier remarks, Im not arguing that Kaminsky should publish exploit code. But it would be nice to know, soon, what the actual threat is. Theres a big difference between describing a problem, and actually publishing exploit code.
I once maintained an (incredibly minor) fork of a DNS implementation. It wasnt a caching resolver, so Im assuming its not affected. But I'd feel happier if I actually understood the problem.
In response to your other remarks, I really hope this isn't a weak PRNG problem. That would be pretty embarrassing.
to post comments)