Don't think they are anything to start performing any panic-patching on - but even the Blaster vulnerability, which was the worst I can remember in recent times, had a nice long window for check-and-test before the virus hit. I seem to remember our clients at the time umming and aaahing about applying patches to their workstations for weeks and then flapping as the Blaster disappeared straight up the ass of their biggest site.
2008/7/17 Ziots, Edward <[EMAIL PROTECTED]>: > I don't think they are overblown at all, he found a flaw made sure it got > reported correctly to a lot of vendors, got it coordinated for patches and > then the details was released. There has been a rash of DNS exploits lately > so it seems like a good target given its criticality to the Internet as a > hole. He did it thoroughly and responsibly, which is proper ethical > conduct. > > > > Z > > > > Edward E. Ziots > > Network Engineer > > Lifespan Organization > > MCSE,MCSA,MCP,Security+,Network+,CCA > > Phone: 401-639-3505 > ------------------------------ > > *From:* David Lum [mailto:[EMAIL PROTECTED] > *Sent:* Thursday, July 17, 2008 9:32 AM > *To:* NT System Admin Issues > *Subject:* Comments on the recent DNS Cache poisoning hoopla > > > > DNS flaws called overblown by researcher > > > http://security.blogs.techtarget.com/2008/07/14/dns-flaws-called-overblown-by-researcher/ > > > > Anyone care to comment? I've read a lot about this DNS stuff and Dan > Kaminsky's work…and of course, his comments here: > > http://www.doxpara.com/ > > > > Anyone here have anything to add? > > > > *Dave Lum* > Systems Engineer > " When you step on the brakes your life is in your foot's hands." > > > > > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
