Forwarded from: jf <jf (at) danglingpointers.net>



and 3 years before that djb pointed it out as well, its not coincidence 

that djbdns was not vulnerable.



http://cr.yp.to/djbdns/forgery-cost.txt

http://cr.yp.to/talks/2003.02.11/slides.pdf





On Thu, 10 Jul 2008, InfoSec News wrote:



> Date: Thu, 10 Jul 2008 03:25:36 -0500 (CDT)

> From: InfoSec News <alerts (at) infosecnews.org>

> To: isn (at) infosecnews.org

> Subject: [ISN] Shocker DNS spoofing vuln discovered three years ago by a

>     student

>

> http://www.theregister.co.uk/2008/07/09/dns_bug_student_discovery/

>

> By John Leyden

> The Register

> 9th July 2008

>

> A flaw in how the internet's addressing system works that sparked a 

> patching frenzy on Tuesday night may has first been uncovered by a 

> student as long as three years ago.

>

> Shortcomings in how the Domain Name System protocol is implemented by 

> multiple vendors facilitate DNS cache poisoning attacks, security 

> clearing house US CERT warned on Tuesday. Successful exploitation of 

> these security shortcomings creates a means for hackers to spoof DNS 

> replies, allowing for the redirection of network traffic or to mount 

> man-in-the-middle attacks.





_______________________________________________      

Attend Black Hat USA, August 2-7 in Las Vegas, 

the world's premier technical event for ICT security experts.

Featuring 40 hands-on training courses and 80 Briefings 

presentations with lots of new content and new tools.

Network with 4,000 delegates from 50 nations.  

Visit product displays by 30 top sponsors in 

a relaxed setting. http://www.blackhat.com



Received on Fri Jul 11 2008 - 02:35:20 PDT