| 1 |
On 28 Jul 2008, at 12:08, Norberto Bensa wrote: |
| 2 |
|
| 3 |
> Quoting Dan Farrell <dan@×××××××××.cx>: |
| 4 |
> |
| 5 |
>> Dan Kiersky's own description, and web-based nameserver checker: |
| 6 |
>> |
| 7 |
>> http://www.doxpara.com/ |
| 8 |
>> |
| 9 |
>> Alternate web-based nameserver checker (recommended by me! ) |
| 10 |
>> |
| 11 |
>> https://www.dns-oarc.net/oarc/services/dnsentropy |
| 12 |
> |
| 13 |
> I don't get these tests. Why do they probe _my_ IP and not the IP |
| 14 |
> of my DNS servers? What's the point on probing me if _maybe_ the |
| 15 |
> servers are not patched? |
| 16 |
|
| 17 |
Wild guess: the problem is with the client mode of operation. DNS |
| 18 |
servers are affected because their clients to the root name-servers. |
| 19 |
|
| 20 |
I think this vulnerability highlights the issue of using servers that |
| 21 |
you TRUST. |
| 22 |
|
| 23 |
It applies to other vulnerabilities, too. It doesn't matter if you |
| 24 |
revoke your SSH key and upload it to OpenForge if the OpenForge |
| 25 |
server itself is trusting an insecure SSH key, and an attacker can |
| 26 |
use it to get at your account that way. |
| 27 |
|
| 28 |
Stroller. |
Archives