funsec mailing list archives
Re: Leaks in Patch for Web Security Hole
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sun, 10 Aug 2008 07:45:33 -0400
Vixie said "11 seconds". So the patch added a work factor of roughly
3,600, rather than the 64K that *full* randomization would have added. Or he just got lucky and it happened to work in the first 5% of the attack...
But then, it was *known* that the patches merely made it harder to
hit the hole, and DNSSEC is needed to *totally* fix the issue. Well then we're completely screwed because nothing is going to get DNSSEC implemented quickly, and the 10 hour number is going to get shorter with improvements in hardware and increased parallelism. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ http://blogs.pcmag.com/securitywatch/ Contributing Editor, PC Magazine larry.seltzer () ziffdavisenterprise com _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Leaks in Patch for Web Security Hole Richard M. Smith (Aug 09)
- Re: Leaks in Patch for Web Security Hole Valdis . Kletnieks (Aug 09)
- Re: Leaks in Patch for Web Security Hole Larry Seltzer (Aug 10)
- Re: Leaks in Patch for Web Security Hole Gadi Evron (Aug 10)
- Re: Leaks in Patch for Web Security Hole Åke Nordin (Aug 10)
- Re: Leaks in Patch for Web Security Hole Paul Vixie (Aug 10)
- Re: Leaks in Patch for Web Security Hole Larry Seltzer (Aug 10)
- Re: Leaks in Patch for Web Security Hole Valdis . Kletnieks (Aug 09)