On Thu, 24 Jul 2008 09:10:13 -0500 "Jorge Amodio" <jmamodio@gmail.com> wrote:
Sure, I can empathize, to a certain extent. But this issue has been known for 2+ weeks now.
Well we knew about the DNS issues since long time ago (20+yrs perhaps?), so the issue is not new, just the exploit is more easy to put together and chances for it to succeed are much higher.
This is important. Kaminsky took a known concept and did the hard engineering work to make it feasible. To slightly misuse a quote that's more often applied to crypto, "amateurs worry about algorithms; pros worry about economics". The economics of the attack have now changed. (And we need to get DNSSEC deployed before they change even further.) --Steve Bellovin, http://www.cs.columbia.edu/~smb