Kaminsky's DNS Attack Disclosed, Then Pulled
An anonymous reader writes "Reverse engineering expert Halvar Flake has recently mused on Dan Kaminsky's DNS vulnerability. Apparently his musings were close enough to the mark to cause one of the Matasano team, who apparently already knew of the attack, to publish the details on the Matasano blog in a post entitled 'Reliable DNS Forgery in 2008.' The blog post has since been pulled, but evidence of it exists on Google and elsewhere. It appears only a matter of time now before the full details leak."
Reader Time out contributes a link to coverage on ZDNet as well.
Re:The push for DNSSec (Score:5, Funny)
I've been deeply worried (Score:4, Funny)
A: Because it breaks the flow of a message (Score:5, Funny)
Re:Here's the whole post (Score:3, Funny)
From reading the f'ing article, I now know that I should never try to resolve WWW.VICTIM.COM [slashdot.org].
Actually (Score:2, Funny)
Re:The push for DNSSec (Score:5, Funny)
Fame? Notoriety? Unstoppable attractiveness to women?
Hey, you all are laughing now, but I tell you, there's a whole throng of us women just waiting for the right guy to secure our DNS!
That's it (Score:4, Funny)
Re:The push for DNSSec (Score:5, Funny)
Whereas us lesbians can secure our own DNS just fine, but would still prefer to have some nice girl do it for us. :)
Re:The push for DNSSec (Score:5, Funny)
Hottest? (Score:5, Funny)
This is sad.
Re:The push for DNSSec (Score:4, Funny)
Re:No details? (Score:5, Funny)
... it ended up with a 404 page. I thought it was a blip on their server, but now I see they retracted the post.
They fail. If they've removed it with no intention of making it available again it should be 410 Gone [w3.org], not 404 Not Found [w3.org]. Am I the only person who reads the HTTP spec? It's not exactly hard to understand...
Re:The push for DNSSec (Score:4, Funny)
On the contrary...
Re:No details? (Score:4, Funny)
Actually you have the answer within your own post. As you said, "If they've removed it with no intention of making it available again". According to the spec, "If the server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) SHOULD be used instead." It is quite possible that the page was only taken down temporarily, with the intent to restore it on the official disclosure date. So use of code 410 would be in violation of the spec, and 404 is the proper reply code.
Tag: geek humor
Re:The push for DNSSec (Score:1, Funny)
I'm pretty sure the parent actually masturbated after posting.
Re:Hottest? (Score:5, Funny)
Re:Hottest? (Score:4, Funny)
Re:The push for DNSSec (Score:3, Funny)
Sorry, but I'm wearing the HTTP panties "403 Forbidden" :) My ports are closed until you can find the right sized diamond to activate my modules...
God, I just gave up on that last word, and it still ended up being a sexual innuendo...