Full Disclosure mailing list archives
Re: Nominate Dan Kaminsky for Most Overhyped BugPwnie Award
From: imipak <imipak () gmail com>
Date: Wed, 23 Jul 2008 16:29:23 +0100
mcwidget wrote:
Given how easy it appears to be to redirect a client to a malicious web server,

The web != the Internet. Think of POP and IMAP.

Hmmm. SMTP. All those Cisco devices that still use telnet rather than SSH... I'm /sure/ there are no SP networks whose routers don't use BGP + MD5 *and* which use unpatched or NAT'd DNS servers. Why, that's just crazy talk.

There's still no patches (or anything else) from Checkpoint, Cisco, or any other vendors of vulnerable NATs, AFAIK, though Vixie and Dan Kaminsky have both said CERT are working on it.

At http://blog.wired.com/27bstroke6/2008/07/kaminsky-on-how.html , Dan is quoted saying:

Q: How far along are people in patching the DNS servers? Do you know how many have been patched?
DK: [...] We were getting some pretty good pickup on this patch. The last time I looked at people who were testing against my site it was somewhere in 30 to 40 percent ...

Is it 22:58 already?

=i
--
make way for history
flickering like a long-lost memory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/