Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×
Security

Submission + - Kaminsky DNS Bug Fixed by Single Character Patch?

An anonymous reader writes: According to this thread on the bind-users mailing list ( http://marc.info/?t=121981071400003 ) there is nothing inherent in the DNS protocol that would cause the massive vulnerability discussed at length here and elsewhere.

As it turns out, it appears to be a simple off-by-one error in BIND, which favors new NS records over cached ones (even if the cached TTL is not yet expired). The patch changes this in favor of still-valid cached records, removing the attacker's ability to succesfully poison the cache outside the small window of opportunity afforded by an expiring TTL, which is the way things used to be before the Kaminsky debacle.

Source port randomization is nice, but removing the root cause of the attack's effectiveness is better...

Slashdot Top Deals

Everybody likes a kidder, but nobody lends him money. -- Arthur Miller

Working...