Comments on: The Kaminsky Hack: DNS Exploits in the Wild

By: Brian’s Brain » Blog Archive » Open Source: A Third World Course?

Thu, 27 May 2010 23:17:23 +0000

[...] up on yesterday’s post (for which exploits are already in the wild, so like I said before, get patchin’!) I hit my router’s embedded web server and saw [...]

By: rob friedman

rob friedman — Wed, 23 Jul 2008 06:26:25 +0000

We shouldn’t expect old security methods to always work. This is just another blip, and new measures will be added to be effective for another 10-15 years.

By: Rolf Rolles

Rolf Rolles — Wed, 23 Jul 2008 02:42:39 +0000

It’s worth pointing out that Halvar (almost) figured out the bug due to the published advisories, not due to information given to him in confidence (unlike Matasano).

By: DNS PSA - Danger is lurking. | Spinn @ 170bpm.net

DNS PSA - Danger is lurking. | Spinn @ 170bpm.net — Wed, 23 Jul 2008 01:53:37 +0000

[...] The Kaminsky Hack: DNS Exploits in the Wild [...]

By: David Ulevitch

David Ulevitch — Tue, 22 Jul 2008 20:27:46 +0000

Also — you like to Thomas Ptachek’s tweet from like three weeks ago where he doubts the vulnerability existed.

This is the same jerk who was then briefed by Kaminsky and later stated he agreed it was VERY SERIOUS. He then preceded to steal his thunder and leak the story on his blog!

By: David Ulevitch

David Ulevitch — Tue, 22 Jul 2008 20:25:42 +0000

Alistair,

Kaminsky actually says more than what you said. He said to point to OpenDNS if you can’t patch or your ISP isn’t patched.

Do we get no love because we said no to advertising on GigaOm? (kidding) We’ve been talking about the importance of DNS security for the last two years.

By: gregness

gregness — Tue, 22 Jul 2008 18:55:17 +0000

Alistair:

Well said. I’ve also put together a few background links on this issue at: http://gregness.wordpress.com/2008/07/22/dns-vulnerability-now-in-the-wild/

Kaminsky was just on a webcast with Cricket Lau on the DNS vulnerability.

Sincerely,
Greg