Dan Kaminsky

Curtis Maurand cmaurand at xyonet.com
Tue Aug 4 12:32:42 CDT 2009


andrew.wallace wrote:
> On Thu, Jul 30, 2009 at 11:48 PM, Dragos Ruiu<dr at kyx.net> wrote:
>   
>> at the risk of adding to the metadiscussion. what does any of this have to
>> do with nanog?
>> (sorry I'm kinda irritable about character slander being spammed out
>> unnecessarily to unrelated public lists lately ;-P )
>>
>>     
>
> What does this have to do with Nanog, the guy found a critical
> security bug on DNS last year.
>   
He didn't find it.  He only publicized it.  the guy who wrote djbdns 
fount it years ago.  Powerdns was patched for the flaw a year and a half 
before Kaminsky published his article.

http://blog.netherlabs.nl/articles/2008/07/09/some-thoughts-on-the-recent-dns-vulnerability

"However - the parties involved aren't to be lauded for their current 
fix. Far from it. It has been known since 1999 that all nameserver 
implementations were vulnerable for issues like the one we are facing 
now. In 1999, Dan J. Bernstein <http://cr.yp.to/djb.html> released his 
nameserver (djbdns <http://cr.yp.to/djbdns.html>), which already 
contained the countermeasures being rushed into service now. Let me 
repeat this. Wise people already saw this one coming 9 years ago, and 
had a fix in place."


--Curtis



More information about the NANOG mailing list