ICANN/GNSO GNSO Email List Archives

[ga]



[ga] More on/update to: BIND Still Susceptible To DNS Cache Poisoning

  • To: Ga <ga@xxxxxxxxxxxxxx>, DHS security alert <soc@xxxxxxxxxxx>
  • Subject: [ga] More on/update to: BIND Still Susceptible To DNS Cache Poisoning
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Sat, 09 Aug 2008 00:07:39 -0700

All,

  Well it seems that the ISC patch didn't do all that much.  Typical.
This is what happens when you have less than interested folks
attempting to do security-related fixes.

  Let's hope DHS gets on the ball and gets this noted soon!
I am relatively sure ICANN won't.

  Yet, our BindPlus stands up to the test so far!  >:)  No holes
here.  I wonder how Bernstein's is doing?

See:
John Markoff of the NYTimes writes about a Russian hacker, Evgeniy
Polyakov, who has successfully poisoned
(http://www.nytimes.com/2008/08/09/technology/09flaw.html?partner=rssnyt&emc=rss)
the latest, patched BIND with randomized ports. Originally, the
randomized ports were never supposed to completely solve the problem,
but just make it harder
(http://it.slashdot.org/article.pl?sid=08/07/08/195225&tid=172) to do.
It was thought that with port randomization, it would take roughly a
week to get a hit. Using his own exploit code
(http://tservice.net.ru/~s0mbre/blog), two desktop computers and a GigE
link, Polyakov reduced the time to 10 hours.

Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" -
   Abraham Lincoln

"Credit should go with the performance of duty and not with what is
very often the accident of glory" - Theodore Roosevelt

"If the probability be called P; the injury, L; and the burden, B;
liability depends upon whether B is less than L multiplied by
P: i.e., whether B is less than PL."
United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
div. of Information Network Eng.  INEG. INC.
ABA member in good standing member ID 01257402 E-Mail
jwkckid1@xxxxxxxxxxxxx
My Phone: 214-244-4827


