Microsoft cover-up of recent DNS vulnerability
Submitted
by
Microsoft Watch
Microsoft Watch writes "Microsoft downplays a recent DNS vulnerability in all Microsoft operating systems (XP, Vista, 2000 and 2003), claims Amit Klein, the security researcher who published the original vulnerability description earlier this month.
According to Klein, the description in Microsoft's Secure Windows Initiative blog entry is misleading and contains disinformation about the DNS transaction ID algorithm, and downplays the severity of the issue by claiming that there is no way to reproduce the next transaction ID, given a series of observed transaction IDs. Klein, however, shows that this is possible in his paper, as well as on the series of data provided in the SWI blog itself."
According to Klein, the description in Microsoft's Secure Windows Initiative blog entry is misleading and contains disinformation about the DNS transaction ID algorithm, and downplays the severity of the issue by claiming that there is no way to reproduce the next transaction ID, given a series of observed transaction IDs. Klein, however, shows that this is possible in his paper, as well as on the series of data provided in the SWI blog itself."
Microsoft cover-up of recent DNS vulnerability More Login
Microsoft cover-up of recent DNS vulnerability