I think enough has been published concerning the flaw so that white hats should by now know enough about the nature of it to remediate the vulnerability, without specific attack code having to be published before they have a chance to do so.
Just to clarify my earlier remarks, Im not arguing that Kaminsky should publish exploit code. But it would be nice to know, soon, what the actual threat is. Theres a big difference between describing a problem, and actually publishing exploit code.
I once maintained an (incredibly minor) fork of a DNS implementation. It wasnt a caching resolver, so Im assuming its not affected. But I'd feel happier if I actually understood the problem.
In response to your other remarks, I really hope this isn't a weak PRNG problem. That would be pretty embarrassing.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds