[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
bert hubert
bert.hubert at netherlabs.nl
Thu Jul 10 21:57:20 UTC 2008
On Thu, Jul 10, 2008 at 05:21:59AM +0000, Paul Vixie wrote:
> > But I still reserve the right to give you a gigantic raspberry if the
> > "exploit" turns out to be something every single person on this list
> > realized before we finished reading the advisory (and many of us
> > though of years earlier but were too lazy to do anything about it).
>
> tell you what, put your ideas in an envelope, signed and dated, and
> mail it (postal system) to a neutral third party, to be opened august
> 7. if you had it, i will publically congrat you, and buy you a beer.
Patrick, I'll get you one too. The stuff that has been discovered is
non-trivial and stunning. It took several attempts for me to 'get' it, and
I've been writing nameservers for a decade now.
I bet that people will claim 'with hindsight' that they saw this exact
problem coming. That is where the envelope comes in!
Bert
--
http://www.PowerDNS.com Open source, database driven DNS Software
http://netherlabs.nl Open and Closed source services
More information about the dns-operations
mailing list