Microsoft Windows Vista Community Forums - Vistaheads
Recommended Download



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Driver Scanner

Kaminsky DNS Bug Claimed Fixed By 1-Character Patch

General Technology News






Speedup My PC
Reply
  #1 (permalink)  
Old 08-29-2008
Steve's Avatar
Moderator
 

Join Date: Sep 2006
Location: Emerald Isle
Posts: 88,548
Steve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant futureSteve has a brilliant future
Thanks: 24
Thanked 178 Times in 45 Posts
Kaminsky DNS Bug Claimed Fixed By 1-Character Patch
An anonymous reader writes "According to a thread on the bind-users mailing list, there is nothing inherent in the DNS protocol that would cause the massive vulnerability discussed at length here and elsewhere. As it turns out, it appears to be a simple off-by-one error in BIND, which favors new NS records over cached ones (even if the cached TTL is not yet expired). The patch changes this in favor of still-valid cached records, removing the attacker's ability to successfully poison the cache outside the small window of opportunity afforded by an expiring TTL, which is the way things used to be before the Kaminsky debacle. Source port randomization is nice, but removing the root cause of the attack's effectiveness is better." Update: 08/29 20:11 GMT by KD : Dan Kaminsky sent this note: "What Gabriel suggests is interesting and was considered, but a) doesn't work and b) creates fatal reliability issues. I've responded in a post here."http://slashdot.org/slashdot-it.pl?f...8/08/29/127210
Read more of this story at Slashdot.
http://rss.slashdot.org/~a/Slashdot/slashdot?i=Mx2oDA


More...
Reply With Quote
Sponsored Links
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Brief: "One-Character Patch" for DNS? Not so fast Steve Security News 0 08-29-2008 21:40
Kaminsky DNS Bug Claimed Fixed By 1-Character Patch Steve General Technology News 0 08-29-2008 14:00
Kaminsky suggests long-term fix will still have to be determined, but patch now, or pay soon Steve Security News 0 07-24-2008 23:00
Dan Kaminsky breaks DNS, massive multi-vendor patch coming, details at Black Hat Vegas '08 Steve Security News 0 07-08-2008 23:30
Article ID: 936060 An incorrect character is displayed when you input a character in an ANSI-based application on a computer that is running Windows Vista KBArticles English 0 10-22-2007 20:00




All times are GMT +1. The time now is 15:55.




Driver Scanner - Free Scan Now

Vistaheads.com is part of the Heads Network. See also XPHeads.com , Win7Heads.com and Win8Heads.com.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.6.0 RC 2

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120