Overreaction: DNS flaw could leave you vulnerable to mean hackers!

There seems to be a slight flaw in the way DNS works, leaving it vulnerable to cache poisoning. Such attacks aren’t new, but mention the words “Internet” and “hacking” and everyone freaks out.

The attack would let hackers re-direct traffic to whatever nefarious Web site they choose. For example, you type www.cnn.com but instead get re-directed to a site that looks like CNN, but is really just a phishing site. That’s the theoretical worst case scenario, but the odds of that actually happening are pretty small. Any competent sysadmin monitoring traffic should notice the irregular activity, and configure his firewall accordingly.

The vulnerability does exist, though, and it is being patched as we speak. Microsoft, Cisco and other such companies have been working on a patch for some time.

So yeah, it’s a problem, but not something you should be freaking out over.

15 Comments/Pingbacks so far

 
bob Snowdale

This has only been a problem since DNS was invented, like more than 20 years ago, and you’re just reporting it now, as if it was “news”?
Where have you been?

 
Bob Yunkadoo

Let me put my concern this way;
“Zzzzzzzz”

Leave it to the LA Times to take this “news” and run with it like it was some major event. A small amount of information in the hands of the ignorant is dangerous.

 
Joe

As punishment for being stupid. The LA Times who has been desperate to claim “we were the first to report” since they have been losing money for a while, that’s why this is such a sloppy article. The LA Times as punishment, is going to change its name for one day to “I’m With Stoopid”. Way to report something that we already knew about. BTW how about reporting the real story. Like how Microsoft’s patch is locking out people who have Zone Alarm installed?

 

haha There’s this new next-generation format for DVDs that brings high definition. There will be two competing formats. One called Blu-ray and other called HD DVD. After an unnecessary battle and little fanfare, Blu-ray will win out. The results won’t change anything as the impact from VHS-to-DVD difference isn’t dramatic enough to warrant upgrading to Blu-ray. An upconverting DVD player will do the trick just fine until scientists develop the capability of having 3-D microchip implanting in our brains to make it feel like we’re IN the movie! I’ll tell you in 12 years when I get around to realizing the obvious.

 
Do Something Valuable

Be professional and spell check before publishing articles.

 
Bob

You are the one who should look into the facts. This is a new way of attacking (ha ha) this issue. And not everyone is being patched. Do you have any idea how many (for example) BIND 8 servers are still out in the world? They will not be patched as BIND 8 is end of lifed.

 
Rick

This is a worthless article that appears to have no point, offer no new or insightful information, and is misleading to the public.

This is a very serious flaw that has been around forever but has not yet been exploited on a large scale. With today’s botnets and high speed Internet, it is far more likely to be exploited than it was previously and it is a good idea to seal up this hole before we have a wide-scale malware and identity theft explosion.

The worst-case scenario is NOT that you get redirected from CNN to a phishing site. The worst-case scenario is that you get your mail server redirected and the entire contents of your email snooped without ever knowing it. You get your financial information, banking passwords, forums passwords, and virtually your entire online identity stolen and sold on the black market without even noticing until serious damage has been done. It opens up the doors to man-in-the-middle attacks which are generally difficult to implement but very dangerous.

Whoever wrote this article knows absolutely nothing about security.

 
Are you an IDIOT !!

The writer of the article should get fired for being so STUPID!!
Do some homework next time or take computers 101..

 
 
John B

“That’s the theoretical worst case scenario, but the odds of that actually happening are pretty small.”

Where is the source of this statement coming from? It seems like the author just “made it up”! It is completely false, misleading and, worst of all, could lead a reader to a false sense of security. The author of this article doesn’t seem to understand what DNS is, how DNS servers are used or why understanding this vulnerability is NOT an overreaction. No, Mr. Deleon, the worst that could happen is NOT the redirection to a CNN phishing site! The worst that could happen is a total confiscation of your Email server, both inbound and outbound, along with confiscation of your IP meeting software, VOIP snooping and a LOT more! Mr. Deleon seems to think the extent of this problem is a simple little browser redirect. He has NO CLUE of the extent to which companies today use the Internet and DNS.

This lazy, uninformed and uneducated author should at the very least be kept from reporting on technical topics and more properly fired for incompetence.

 
Luthor P. Fillywick

“Any competent sysadmin monitoring traffic should notice the irregular activity, and configure his firewall accordingly.”

What? I agree with earlier commentators — you do the internet a disservice through your gross negligence in reporting. You do not understand the problem, and you’re clearly not qualified to make a determination of its severity.

 
mn2009

1983, The first DNS server was designed on an Arpanet Network, this “Bug” was there then. They knew it, but they knew also that it was Specifically designed for Military Communication. Not Civilian/Residential/Commercial at the time.

We’re now into the Digital age, Digital Watches, Cellphones, GPS, PDA’s, World Wide Network Infrastructures Linking Billions of individual Networks containing 100’s of Workstations and servers.

There’s just one problem, when we had the real chance to fix it in the 90’s when there was less influence we didn’t, why? because we figured no one has given us a reason to!…

But, Now there’s a bigger problem, with the majority of Software on the Planet being Closed Source, what stops a Commercial Entity, like Microsoft, from Designing a patch that would Specifically Enhance there products but cause underlying problems for other OS’es?

This may be the Digital age but it’s also the Age of Deception.
What stops them from phishing then? Who says that the patch maker will make the patch in the People’s best interest not the Corporation that will most likely make such a patch?

 
Rick

Babble babble babble. You’re only slightly more informed than the original article, but completely paranoid.

The problem is that the ID field is not sufficiently long enough to be meaningfully random. The simple solution is to just randomize the source port to effectively increase the number space that has to be guessed in order to forge replies. It is still weak but it is sufficient for now.

All the major vendors got together and decided upon the same solution. They acted in unison to avoid the very problem you’re accusing them of trying to create. So what if one company implements a whack solution and nobody else does. That would be like trying to invent a new, secure, and incompatible email protocol to fight SPAM. It might work great between you and your partners but if it isn’t compatible with the rest of the world then nobody is going to give a crap.

DNS is the same. If your new change doesn’t work with all the other resolvers and servers out there then it just isn’t going to be accepted.

Are you going to doubt every corporate product and patch because of your baseless paranoia? Good luck being productive in this world…
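
Rick's comment above describes the fix as randomizing the query source port so a forged reply has to match more than the 16-bit ID. As an added example (not part of the original post or any commenter's code), this audits a resolver's outbound queries from tcpdump-style text; the capture lines, the addresses and the `max_stride` threshold are constructed assumptions.

```python
import math
import re

ID_BITS = 16  # width of the DNS header ID field

# tcpdump-style outbound query: "... IP src.port > dst.53: id+ A? name. (len)"
QUERY = re.compile(r"IP \S+\.(\d+) > \S+\.53: (\d+)")

def source_ports(lines):
    """Extract the UDP source port of every outbound query in capture text."""
    return [int(m.group(1)) for m in map(QUERY.search, lines) if m]

def audit_source_ports(ports, max_stride=16):
    """Return (verdict, bits): bits estimates what a forged reply must match.

    max_stride is an assumed threshold: steps this small between consecutive
    queries make the next port predictable, so it adds nothing to the ID.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if len(set(ports)) == 1:
        return "fixed", float(ID_BITS)
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(s <= max_stride for s in steps):
        return "sequential", float(ID_BITS)
    # Observed span is a lower bound on the pool the resolver draws from.
    span = max(ports) - min(ports) + 1
    return "randomized", ID_BITS + math.log2(span)

def sample(ports):
    """Constructed capture lines using documentation addresses only."""
    return [f"12:00:0{i}.000000 IP 198.51.100.53.{p} > 192.0.2.1.53: "
            f"{4000 + i}+ A? example.com. (29)" for i, p in enumerate(ports)]

FIXED = sample([32768] * 6)
SEQUENTIAL = sample([1025, 1026, 1027, 1028, 1029, 1030])
RANDOMIZED = sample([49811, 10233, 60412, 2911, 33170, 21754])

if __name__ == "__main__":
    for name, lines in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                        ("randomized", RANDOMIZED)]:
        verdict, bits = audit_source_ports(source_ports(lines))
        print(f"{name:10s} -> {verdict:10s} ~{bits:.1f} bits to match")
```

A resolver that reports "fixed" or "sequential" is still relying on the ID field alone and is the kind of server the patch is meant to change.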

 
John B

Oh, good lord mn2009!

If a “Commercial Entity, like Microsoft wanted to design a patch that would Specifically Enhance there(sic) products” they would package it up and release it without having to exploit ANY DNS bug! OH WAIT! They already do that! They’re called “Service Packs”! LOL! Commercial software vendors should be ENCOURAGED to add features and exploits in their software that their competition can’t or won’t exploit. We live in America not Zimbabwe. I want my software vendors to try and differentiate their software as much as they can so that I, the consumer, will benefit.

So, mn2009, get out of the paranoid world you fill with aliens, JFK assassins and meany commercial entities and let the software vendors do what they do best.

 
Daftegg

John B,

I don’t think there are many corporations that purely have the consumer’s “best interest” at heart when they design software or email clients or web bots or spam or phishing bots or cookies or pop-up ads or OS’es or web browsers or any other identity theft applications.

…Didn’t anyone hear about TJ Maxx or Hannaford Bros. ?? Yeah… I think that is how the DNS flaw is implemented as one (or more) in the aforementioned applications.
