[127739] in cryptography@c2.net mail archive
Re: Kaminsky finds DNS exploit
daemon@ATHENA.MIT.EDU (Harald Hanche-Olsen)
Wed Jul 9 16:09:48 2008
Date: Wed, 09 Jul 2008 14:39:42 -0500 (CDT)
To: cryptography@metzdowd.com
From: Harald Hanche-Olsen <hanche@math.ntnu.no>
In-Reply-To: <4874F40D.6030003@jkemp.net>
+ John Kemp <john@jkemp.net>:
> It does seem he would like an air of some mystery to exist though
> until he makes his presentation about the issue at Defcon - did he,
> himself, discover something new? We'll just have to wait, unless we
> go play with the BIND code ourselves.
Unless he is merely blowing smoke, it would seem that he discovered
some little twist that makes the known vulnerability much more easily
exploitable than previously assumed. That would explain his statement:
the patch fixes a well known vulnerability, and as a side effect stops
the more serious attack, in effect making it hard to tell what is
involved in that attack from reading the patch.
- Harald
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
