A possible explanation of the DNS vulnerability got posted on Matasano Chargen, an excellent infosec blog. This is neat because Matasano’s principle, Tom, has already gotten the entire story from Dan—he knows all the details we don’t. It was written well enough, and Tom’s credibility is high enough, to assume it was a draft he had ready to fire off as soon as the exploit was public on the sixth.
It was pulled very quickly. I have a copy in my Google Reader cache.
I thought it was a bad guess, but the retraction and the dailydave thread that it sourced getting closed (not uncommon there) have me curious. Why publish a thought experiment without captures proving it? Also, I think the post was from an intern’s account on the blog. Oops.
Then Dan Kaminsky twittered:
“DNS bug is public. You need to patch, or switch to opendns, RIGHT NOW. Could”
And blogged…
Patch. Today. Now. Yes, stay late. Yes, forward to OpenDNS if you have to. (They’re ready for your traffic.) Thank you to the many of you who already have.
Which has me (and many others) convinced that this is legit and we might start hearing about attempts. Did Dan’s hype backfire?
- Richard is right, the NAT question is also interesting (and why I have been asking for architecture diagrams lately)
- This will be trivial to detect on the wire with traditional IDS/IPS
- I’d like proof of the ‘in-bailiwick’ premise of the last paragraph
- Dan probably has something better than this but who knows?
- This has already won a pwnie, excellent.
ƒ
@wardspan where are the cool kids?
RT @0xcharlie: Yeah! @dionthegod won the pwnie for best research. Congrats!
@jackwillk welcome, I am at the far side of the pool wishing I had my suit.
@charmsec I'll need you to set up the Skype telepresence rig you promised me. I look forward to catching up w/ those of you in LV this week!
Because @_defcon_ attendees are changing their profile pictures to network easier, I've found a video to augment mine: http://goo.gl/ATYN
@kathybarnett it's tough to cycle without going clipless.
The real advantage though: Goofy shoes + Bunny-hops.
I'm clicking a cow.
http://goo.gl/Wiad
"Hi, I hold ignorant and often illogical, divisive positions."
...
"refudiate—oops, refute/repudiate. *undo*"
LANGUAGE GAFFES! BURN HER!
One of our cats has a clear plastic cone-collar on 'til something clears up. Her reaction suggest like she's experiencing the 4th dimension.
I͈̮͕̼͓̗͚̎͗̊̈́ͤ̋t͍͉͎͇̫̥͍̿͒̔̊̏'s͖̻̩̙̮̘͇ Z̮̱̼̟̘̙̰ͪͭa̮̗̱͙̞̻͛̂ͅl͕̋́̽d̲̰̱ͯͅo͚ͮ͑ͨ͋̋̓ ̗̳͚̯ͫ̉͐̂ͫͨḁ͚̩̗̂̂̊ͨ̊g͚͚̘̜̦̲ͦ̊ͭ̇̚ͅa̝ͥ͂ͭ̍̿ȉ͈͆ͬ̃̌n̼͙͉͚̜̾͆ͯ̾̂.
Logged User-Agent strings differing from legit ones by typos or truncation are:
a) Purloined letters
b) Lazy
c) Stupid
d) What are logs?
@will_torres uh, hey Will?
Wanna see my bracket for the World Cup?
[
@bbaskin An expanded URL only claims to not be a 302.
The web is a Skinner box: I just frantically click on everything underlined. Yay!
I accidentally bought a large-print _Evil_Eye_The_Origins_And_Practices_of_Superstition.
And you know what that means.
http://goo.gl/WmAk
@jackwillk getting back into home brewing is as easy as having an address to ask @MoreBeer_B3 to send ingredients to. Go for it!
I enjoyed @cshirky's Cognitive Surplus this week.
Where Carr seems to continue rediscovering Plato on media, Shirky finds opportunity.
"Memes!", H4cKe® said, kicking up his feet to pause from writing "show-us-your-tits" jokes on his black-background website.
#pebkac
@jackwillk at least you acknowledge that your fear is irrational! http://goo.gl/2kZ0
