Mostly Harmless

Mostly about my amusement

Date: July 10, 2008

That’s a long 15 minutes

Jesse, please stop.  We all care for you and respect you. But you need to stop being the story right now.

DNS excitement! Panic at the office!

Well not really panic, just your usual vulnerability patching day at the office.

When I saw Dan Kaminsky demonstrate voice over DNS, I was convinced that he dreams in BIND source code.  It was a neat demonstration.

Now he has uncovered another vulnerability in BIND regarding UDP source port prediction. It’s causing some excitement in the work place as to what the impact could be and how soon our vendors can release patches.

I’ve had to do some explaining as what it means;  see Matasano’s blog for more information.  Thomas Ptacek sums it up really well here and states the impact more here.

You’ve got to love someone who can explain the seriousness using a movie quote from Jack Black.

Powered by WordPress & Theme by Anders Norén

%d bloggers like this: