Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?

Submission + - djb awards $1000 for first djbdns security hole (

emad writes: Last week, a patch and sample exploit were posted to the djbdns mailing list concerning a bug that allowed subdomain administrators to take over parent domains when served from the same tinydns/axfrdns servers. Today, Dan Bernstein acknowledged the security hole, recommended users to install the patch, and awarded $1000 to Matthew Dempsky for publishing the first verifiable security hole in djbdns. In the words of Dan Kaminsky (of recent DNS security fame): "However, Dempsky's bug in djb's tinydns is way more surprising, if only because...holy crap, he pulled an exploitable scenario out of THAT?!"

Uncertain fortune is thoroughly mastered by the equity of the calculation. - Blaise Pascal