[dns-operations] Subverting BIND's SRTT Algorithm Derandomizing NS Selection

Paul Ferguson fergie at people.ops-trust.net
Tue May 6 16:09:47 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Can anyone from ISC (bind maintainer) comment on this vulnerability,
especially regarding what versions are affected and if a fix is available?

https://www.usenix.org/conference/woot13/workshop-program/presentation/hay

I am presuming this is the same?

http://thehackernews.com/2014/05/critical-vulnerability-in-bind-software.html

Thanks,

- - ferg



- -- 
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iF4EAREIAAYFAlNpCUsACgkQKJasdVTchbJuHQD9GBAit5nEjjI3BCcYOErcTawR
ZBE6g4lTv1XneIVfdGcBALg18dpZ5euFZsv6OAbJHDtKvW6U+X0I40KN/Tub+2Xd
=c728
-----END PGP SIGNATURE-----



More information about the dns-operations mailing list