Kaminsky's DNS Attack Disclosed, Then Pulled

An anonymous reader writes "Reverse engineering expert Halver Flake has recently mused on Dan Kaminsky's DNS vulnerability. Apparently his musings were close enough to the mark to cause one of the Matasano team, who apparently already knew of the attack, to publish the details on the Matasano blog in a post entitled 'Reliable DNS Forgery in 2008.' The blog post has since been pulled, but evidence of it exists on Google and elsewhere. It appears only a matter of time now before the full details leak." Reader Time out contributes a link to coverage on ZDNet as well.

Re:The push for DNSSec

[dintech]

Fame? Notorioty? Unstoppable attractiveness to women?

I've been deeply worried

[smittyoneeach]

...about these Monsanto DNA attacks for some time...

A: Because it breaks the flow of a message

[DNS-and-BIND]

Q: Why is starting a post in the Subject: line annoying?

Re:Here's the whole post

[davester666]

From reading the f'ing article, I now know that I should never try to resolve WWW.VICTIM.COM [slashdot.org].

Actually

[krkhan]

Well, as soon as he had posted that thing he got a Cease & Desist letter from MPAA for disclosing the intellectual property of Wachowski Brothers for The Matrix: Rebuttal. The movie was supposed to answer all the questions pertaining to the first movie and this attack was the secret way that Zion crafts used to hack into the Core. Of course, the Core refused to get its DNS servers patched because they didn't need anyone's help.

Re:The push for DNSSec

[snowgirl]

Fame? Notorioty? Unstoppable attractiveness to women?

Hey, you all are laughing now, but I tell you, there's a whole throng of us women just waiting for the right guy to secure our DNS!

That's it

[krkhan]

I've had enough. From now on, /. isn't /. for me. It's 216.34.181.45. I'm updating all my bookmarks. Wait, why is it redirecting? I have a bad feeling about this. Itsatrick.

Re:The push for DNSSec

[geekgirlandrea]

Whereas us lesbians can secure our own DNS just fine, but would still prefer to have some nice girl do it for us. :)

Re:The push for DNSSec

[Yeff]

Hottest. Slashdot Thread. Ever!

Hottest?

[Rudd-O]

This is sad.

Re:The push for DNSSec

[Element119]

if only i were a female, i'd be a lesbian for sure.

Re:No details?

[NickFitz]

... it ended up with a 404 page. I thought it was a blip on their server, but now I see they retracted the post.

They fail. If they've removed it with no intention of making it available again it should be 410 Gone [w3.org], not 404 Not Found [w3.org]. Am I the only person who reads the HTTP spec? It's not exactly hard to understand...

Re:The push for DNSSec

[Anonymous Coward]

hope I didn't kill anyones chubber

On the contrary...

Re:No details?

[Alsee]

Actually you have the answer within your own post. As you said "If they've removed it with no intention of making it available again". According to the spec "If the server does not know, or has no facility to determine, whether or not the condition is permanent, the status code 404 (Not Found) SHOULD be used instead." It is quite possible that the page was only taken down temporarily, with the intent to restore it on the official disclosure date. So use of code 410 which would be in violation of the spec, and 404 the proper reply code.

Tag: geek humor

-

Re:The push for DNSSec

[Anonymous Coward]

I'm pretty sure the parent actually masturbated after posting.

Re:Hottest?

[Antique Geekmeister]

What's wrong? Doesn't your NNTP server carry alt.sex.bindage anymore?

Re:Hottest?

[kpainter]

I suspect a lot of Slashdotters have their sexual *ahem* attentions redirected to 127.0.0.1

Re:The push for DNSSec

[snowgirl]

Sorry, but I'm wearing the HTTP panties "403 Forbidden" :) My ports are closed until you can find the right sized diamond to activate my modules...

God, I just gave up on that last word, and it still ended up being a sexual innuendo...