On Thu, 24 Jul 2008 09:10:13 -0500 "Jorge Amodio" <[EMAIL PROTECTED]> wrote:
> > > > Sure, I can empathize, to a certain extent. But this issue has > > been known for 2+ weeks now. > > > > Well we knew about the DNS issues since long time ago (20+yrs > perhaps?), so the issue is not new, just the exploit is more easy to > put together and chances for it to succeed are much higher. > This is important. Kaminsky took a known concept and did the hard engineering work to make it feasible. To slightly misuse a quote that's more often applied to crypto, "amateurs worry about algorithms; pros worry about economics". The economics of the attack have now changed. (And we need to get DNSSEC deployed before they change even further.) --Steve Bellovin, http://www.cs.columbia.edu/~smb