funsec mailing list archives

Re: Leaks in Patch for Web Security Hole


From: "Larry Seltzer" <larry () larryseltzer com>
Date: Sun, 10 Aug 2008 07:45:33 -0400

Vixie said "11 seconds".  So the patch added a work factor of roughly
3,600, rather than the 64K that *full* randomization would have added.
Or he just got lucky and it happened to work in the first 5% of the
attack...
But then, it was *known* that the patches merely made it harder to
hit the hole, and DNSSEC is needed to *totally* fix the issue.

Well then we're completely screwed because nothing is going to get
DNSSEC implemented quickly, and the 10 hour number is going to get
shorter with improvements in hardware and increased parallelism.

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

