That makes sense. Nonexistent, subdomain host poisoning is also a serious problem.

Taking over existing domains is a superset of that serious problem, and can be done with the same style attack, just by adding glue. Because existing hijackable domains include nameserver domains, you could take over all DNS for google.com, from webservers and mail servers to SPF and DKIM records.

Anyway, it's all bad. Yes, poisoning is bad.

DJB was the first to point out that Source Port Randomization would help, years ago, and he gets no credit? Why not concede any? And how many of those servers you named have been open to an easily feasible 32,000 max packet poisoning attack for the eight years that djbdns was requiring a TXID + SPR packet attack? And now you're trying to ding djbdns, characterizing it as a less secure outlier, for allowing 200 simultaneous queries, which opens the space by not quite 8 bits? TXID + SPR for djbdns is still 24 bits. TXID + SPR is only 27 for Microsoft (2500 source ports).

Scheier:

The real lesson is that the patch treadmill doesn't work, and it hasn't for years. This cycle of finding security holes and rushing to patch them before the bad guys exploit those vulnerabilities is expensive, inefficient and incomplete. We need to design security into our systems right from the beginning. We need assurance. We need security engineers involved in system design. This process won't prevent every vulnerability, but it's much more secure -- and cheaper -- than the patch treadmill we're all on now.

What a security engineer brings to the problem is a particular mindset. He thinks about systems from a security perspective. It's not that he discovers all possible attacks before the bad guys do; it's more that he anticipates potential types of attacks, and defends against them even if he doesn't know their details. I see this all the time in good cryptographic designs. It's over-engineering based on intuition, but if the security engineer has good intuition, it generally works.

Kaminsky's vulnerability is a perfect example of this. Years ago, cryptographer Daniel J. Bernstein looked at DNS security and decided that Source Port Randomization was a smart design choice. That's exactly the work-around being rolled out now following Kaminsky's discovery. Bernstein didn't discover Kaminsky's attack; instead, he saw a general class of attacks and realized that this enhancement could protect against them. Consequently, the DNS program he wrote in 2000, djbdns, doesn't need to be patched; it's already immune to Kaminsky's attack.

That's what a good design looks like. ...

I'm not a DJB fanboy. I concede that I think the 200 simultaneous identical queries is a big loss of security. But I also recognize that DJB was doing the right thing nearly a decade ago, and warning people, while everyone else took until now, after disclosure of a specific, very bad vuln, to clean up their acts. I find it distasteful that people are reluctant to publicly acknowledge DJB's right thinking, or even to acknowledge it to themselves. That's the other face of fanboyism, just inverted from fan to detractor.

The article mentioned Arizona as one area with a serious copper theft problem. It's getting pretty bad in Phoenix particularly.

Scrap metal dealers here are now required by law to report all scrap metal purchases in excess of $50. The thieves have responded by negotiating with the scrap metal dealers to keep their reimbursement amounts just below that critical threshold.

We've had thieves in my neighborhood take a circular saw to bundles of cables, effectively cutting off Qwest customers from their phones (and in our case, VDSL for TV and broadband). These are cable bundles protected inside of steel conduits or pipes!

It's gotten to the point that Qwest has decided it does not want to maintain its Choice TV service beyond 2010, and so Qwest is now encouraging its customers to switch their TV service to DirecTV (through a partnership deal), and I've been told that they will be transitioning their Choice broadband customers to some new high-speed network standard over the next couple years. (I've been told either 12 or 20 megabit service will be coming to my area.) In the meantime, those of us who are still stuck on Choice TV until we can figure out what to do are left with a dwindling number of viable copper pairs we can use; nobody at Qwest is putting up replacement lines or fixing/reconditioning the existing lines, so I've had Qwest downgrade my broadband service twice from 3 megabit to 1.5 megabit to compensate for now-marginal signal levels.

Although I'm sure it was mainly a business case for Qwest deciding it doesn't want to compete with cable operators after all, I am also sure that repeated vandalism of Qwest property and theft of its copper is playing a large part in this decision.

There is a famous story of a patient in hospital complaining of an earache. The doctor doing the rounds wrote a prescription for a nurse to fulfill. The prescription stated that several drops of a particular drug should be put in "R ear" ("R" being an abbreviation for "right").

The nurse dutifully put the earache drops in the patients anus.

Yes, I know this has nothing to do with texting, but abbreviations are common in text messages so I was reminded of this story.

Well, I'm not an expert on the subject, all I did was Google and read the first dozen or so entries, but yeah that's about how it looks.

I'm not going to go on record as saying that he's the Affirmitive Action HLR president, but considering how closely his selection coincides with a massive political campaign at Harvard to get minorities into power at Harvard law I can't say it's completely out of the realm of possibility given that his grades getting into Harvard were well below their standards and his selection to editor was only possible after they removed the academic basis for it.

I voted for him either way, but it doesn't look like this is one of his strong qualities.