Re: DNS flaw plugged by vendors
I was wondering whether this was the sort of vulnerability that needed a patch pushing through outside of the normal cycle, but having reviewed it as much as possible I don't think it is. I think all the hype is centred around the fact that it is a vulnerability affecting multiple implementations from different providers, but that makes it more of an interesting anomaly than anything else. We will be updating our DNS in the usual cycle. 2008/7/9 Michael Ross [EMAIL PROTECTED]: Its doesn't matter which type of DNS you're using. This is a vulnerability in the protocol itself, not in whose implementation of it you like or dislike. Earlier this year, professional security research Dan Kaminsky discovered a major issue in how Internet addresses are managed (Domain Name System, or DNS). This issue was in the design of DNS and not limited to any single product. -Original Message- From: Jim McAtee [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2008 12:22 PM To: NT System Admin Issues Subject: Re: DNS flaw plugged by vendors Out-of-band? He he. We've updated BIND. Of course, we don't use any Microsoft DNS servers for public facing DNS. - Original Message - From: James Rankin [EMAIL PROTECTED] To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, July 09, 2008 1:30 AM Subject: DNS flaw plugged by vendors http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in- dns-massive-multivendor-patch-released/http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/ Is anyone taking any remedial action about this out-of-band? It seems to be presented as quite threatening... ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Re: DNS flaw plugged by vendors
I would think if you get it done before the Black Hat meeting where the researcher is going to make public the details you should be fine. In one article it was mentioned that it was expected that several attempts to use this vulnerability would be made within a week of those details being made public. I don't know if that is true or not but there are enough examples of people using details of or reverse engineering of patches to make worm/Trojans/viruses that use the patched vulnerability to make that statement plausible. Jon On Thu, Jul 10, 2008 at 3:21 AM, James Rankin [EMAIL PROTECTED] wrote: I was wondering whether this was the sort of vulnerability that needed a patch pushing through outside of the normal cycle, but having reviewed it as much as possible I don't think it is. I think all the hype is centred around the fact that it is a vulnerability affecting multiple implementations from different providers, but that makes it more of an interesting anomaly than anything else. We will be updating our DNS in the usual cycle. 2008/7/9 Michael Ross [EMAIL PROTECTED]: Its doesn't matter which type of DNS you're using. This is a vulnerability in the protocol itself, not in whose implementation of it you like or dislike. Earlier this year, professional security research Dan Kaminsky discovered a major issue in how Internet addresses are managed (Domain Name System, or DNS). This issue was in the design of DNS and not limited to any single product. -Original Message- From: Jim McAtee [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2008 12:22 PM To: NT System Admin Issues Subject: Re: DNS flaw plugged by vendors Out-of-band? He he. We've updated BIND. Of course, we don't use any Microsoft DNS servers for public facing DNS. - Original Message - From: James Rankin [EMAIL PROTECTED] To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, July 09, 2008 1:30 AM Subject: DNS flaw plugged by vendors http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in- dns-massive-multivendor-patch-released/ Is anyone taking any remedial action about this out-of-band? It seems to be presented as quite threatening... ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: DNS flaw plugged by vendors
FUD S From: James Rankin [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2008 4:31 AM To: NT System Admin Issues Subject: DNS flaw plugged by vendors http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/ Is anyone taking any remedial action about this out-of-band? It seems to be presented as quite threatening... ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: DNS flaw plugged by vendors
FUD? Fear, uncertainty and doubt? Why would these guys gain from spreading that? To the original poster, the vulnerability appears to be that cache poisoning can occur. If your own DNS servers can not be accessed by malicious users, then I think you're safe for the time being, but of course any upstream DNS server might not be safe... There are reports on /. of the BIND patches having a significant performance impact. But I haven't seen any issues yet with the MS patch. Cheers Ken From: Steve Moffat [mailto:[EMAIL PROTECTED] On Behalf Of NTSysAdmin Sent: Wednesday, 9 July 2008 8:34 PM To: NT System Admin Issues Subject: RE: DNS flaw plugged by vendors FUD S From: James Rankin [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2008 4:31 AM To: NT System Admin Issues Subject: DNS flaw plugged by vendors http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/ Is anyone taking any remedial action about this out-of-band? It seems to be presented as quite threatening... ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
Re: DNS flaw plugged by vendors
Out-of-band? He he. We've updated BIND. Of course, we don't use any Microsoft DNS servers for public facing DNS. - Original Message - From: James Rankin [EMAIL PROTECTED] To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, July 09, 2008 1:30 AM Subject: DNS flaw plugged by vendors http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/ Is anyone taking any remedial action about this out-of-band? It seems to be presented as quite threatening... ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~
RE: DNS flaw plugged by vendors
Its doesn't matter which type of DNS you're using. This is a vulnerability in the protocol itself, not in whose implementation of it you like or dislike. Earlier this year, professional security research Dan Kaminsky discovered a major issue in how Internet addresses are managed (Domain Name System, or DNS). This issue was in the design of DNS and not limited to any single product. -Original Message- From: Jim McAtee [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 09, 2008 12:22 PM To: NT System Admin Issues Subject: Re: DNS flaw plugged by vendors Out-of-band? He he. We've updated BIND. Of course, we don't use any Microsoft DNS servers for public facing DNS. - Original Message - From: James Rankin [EMAIL PROTECTED] To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Sent: Wednesday, July 09, 2008 1:30 AM Subject: DNS flaw plugged by vendors http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in- dns-massive-multivendor-patch-released/ Is anyone taking any remedial action about this out-of-band? It seems to be presented as quite threatening... ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja!~ ~ http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm ~