Dan Kaminsky

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Aug 4 13:19:08 CDT 2009


On Tue, 04 Aug 2009 13:32:42 EDT, Curtis Maurand said:

> > What does this have to do with Nanog, the guy found a critical
> > security bug on DNS last year.
> >   
> He didn't find it.  He only publicized it.  the guy who wrote djbdns 
> fount it years ago.  Powerdns was patched for the flaw a year and a half 
> before Kaminsky published his article.

Yeah, and Robert Morris Sr wrote about a mostly-theoretical issue with TCP
sequence numbers back in 1985. Then a decade later, some dude named Mitnick
whacked  the workstation of this whitehat Shimomura, and the industry
collectively went "Oh ****, it isn't just theoretical" and Steve Bellovin got
to write RFC1948.

(Mitnick was the first *well known* attack using it that I know of - anybody
got a citation for an earlier usage, either well-known or 0-day?)

> "Wise people already saw this one coming 9 years ago, and had a fix in place."

Yes, but a wise man without a PR agent doesn't do the *rest* of the community
much good.  A Morris or Bernstein may *see* the problem a decade before, but
it may take a Mitnick or Kaminsky to make the *rest* of us able to see it...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20090804/eff17a67/attachment.bin>


More information about the NANOG mailing list