[dns-operations] "Cybercrooks exploiting new Windows DNS flaw"
brett at the-watsons.org
Fri Apr 13 22:56:40 UTC 2007
On Apr 13, 2007, at 1:44 PM, Stasiniewicz, Adam wrote:
> Yes, if you are an ISP, registrar, DNS host, large company, etc.
> But not one of them are running external Windows DNS servers. I am
> referring to those small and medium size companies who use Windows
> for their internal and external DNS. As those will be the only
> people who would make a Windows DNS server Internet accessible.
That's just not true. In my experience, there are plenty of large,
multi-million/billion $/year companies that put Windows boxes right
out in the open (DNS and other services enabled), as well as plenty
of ISPs, etc.
I just don't think you can make generalizations like that and assume
only small/mid size companies make these mistakes.
I'm making know predictions on the scope of this specific exploit but
I think it has the potential to be a lot bigger than you think.
More information about the dns-operations