Monday, July 21, 2008
DNS vulnerability in the wild
Well, it had to happen. The DNS vulnerability discovered by Dan Kaminsky has been leaked. Go read here, here, or here. Then read this and this . The vulnerability is conceptually simple, and frankly it is amazing that no other researchers ever found it. I'll not elaborate on how dangerous it is (patch now!) or how it works exactly. Instead, I'll be trying to wrap my head around this one and get ready to explain the details when asked. Kudos to Dan on how he handled it.