It appears matasano posted an explanation of Dan Kaminsky's DNS issue to their blog today, but looks like it may have been yanked back down. My google reader account nabbed it via the RSS feed while it was up.
It looks like maybe they had this typed up, ready to hit "post" as soon as someone else figured it out? They had advance knowledge of the issue via conference calls with Kaminsky. Halvar Flake posted some speculation on what the issue was, but his speculation was not the full issue; only a re-hash of previously known issues. In any event, Halvar's ideas were close, but incomplete. Matasano filled in the missing details, possibly by accident. :) Details: http://blog.invisibledenizen.org/2008/07/kaminskys-dns-issue-accidentally-leaked.html -N _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/