.

Interview With Dan Kaminsky On Massive Multivendor DNS Patch

<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Tue Jul 08, 2008 3:45 pm

Interview With Dan Kaminsky On Massive Multivendor DNS Patch

To those of you who are currently stuck as patch monkeys like me, hell, to everyone, this is HUGE!

Over on the Network Security Podcast, Dan talks about how he got the cooperation of damn near every vendor out there and developed the patches that were simultaneously released today (including MS08-037) patching a "gaping hole in the DNS protocol."

He basically states that on August 6 at BlackHat Vegas, he'll be releasing proof of the vulnerability.

To prove how rediculously huge this is, when have you ever seen all the competitors work on something together AND keep it secret?

(The CERT advisory Word doc lists all the vendors)
Last edited by oneeyedcarmen on Tue Jul 08, 2008 3:47 pm, edited 1 time in total.
Reluctant CISSP, Certified ASS
<<

oneeyedcarmen

User avatar

Full Member
Full Member

Posts: 233

Joined: Thu Jul 05, 2007 2:13 pm

Location: Baltimore, MD USA

Post Thu Jul 10, 2008 12:11 pm

Re: Interview With Dan Kaminsky On Massive Multivendor DNS Patch

As a follow-up...

The M$ patch (MS08-037) is flawed.  I just spoke with a rep at M$ who stated that they are working on fixing it (it pretty much stops you from reaching the internetz if you have ZoneAlarm, and from reaching any update sites anyway), but that "it was a good thing that you haven't installed the latest patches for MS08-037."

How reassuring...
Reluctant CISSP, Certified ASS
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Jul 10, 2008 5:00 pm

Re: Interview With Dan Kaminsky On Massive Multivendor DNS Patch

Why do you run ZoneAlarm? 
~~~~~~~~~~~~~~
Ketchup

Return to Other

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software