Dan Kaminsky
Curtis Maurand
cmaurand at xyonet.com
Tue Aug 4 17:32:42 UTC 2009
andrew.wallace wrote:
> On Thu, Jul 30, 2009 at 11:48 PM, Dragos Ruiu<dr at kyx.net> wrote:
>
>> at the risk of adding to the metadiscussion. what does any of this have to
>> do with nanog?
>> (sorry I'm kinda irritable about character slander being spammed out
>> unnecessarily to unrelated public lists lately ;-P )
>>
>>
>
> What does this have to do with Nanog, the guy found a critical
> security bug on DNS last year.
>
He didn't find it. He only publicized it. the guy who wrote djbdns
fount it years ago. Powerdns was patched for the flaw a year and a half
before Kaminsky published his article.
http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability
"However - the parties involved aren't to be lauded for their current
fix. Far from it. It has been known since 1999 that all nameserver
implementations were vulnerable for issues like the one we are facing
now. In 1999, Dan J. Bernstein <http://cr.yp.to/djb.html> released his
nameserver (djbdns <http://cr.yp.to/djbdns.html>), which already
contained the countermeasures being rushed into service now. Let me
repeat this. Wise people already saw this one coming 9 years ago, and
had a fix in place."
--Curtis
More information about the NANOG
mailing list