I don’t think there are many corporations that purely have the consumer’s “best interest” at heart when they design software or email clients or web bots or spam or phishing bots or cookies or pop-up ads or OS’es or web browsers or any other identity theft applications.

…Didn’t anyone hear about TJ Maxx or Hannaford Bros. ?? Yeah… I think that is how the DNS flaw is implemented as one (or more) ij the aforementioned applications.

The problem is that the ID field is not sufficiently long enough to be meaningfully random. The simple solution is to just randomize the source port to effectively increase the number space that has to be guessed in order to forge replies. It is still weak but it is sufficient for now.

All the major vendors got together and decided upon the same solution. They acted in unison to avoid the very problem you’re accusing them of trying to create. So what if one company implements a whack solution and nobody else does. That would be like trying to invent a new, secure, and incompatible email protocol to fight SPAM. It might work great between you and your partners but if it isn’t compatible with the rest of the world then nobody is going to give a crap.

DNS is the same. If your new change doesn’t work with all the other resolvers and servers out there then it just isn’t going to be accepted.

Are you going to doubt every corporate product and patch because of your baseless paranoia? Good luck being productive in this world…

If a “Commercial Entity, like Microsoft wanted to design a patch that would Specifically Enhance there(sic) products” they would package it up and release it without having to exploit ANY DNS bug! OH WAIT! They already do that! They’re called “Service Packs”! LOL! Commercial software vendors should be ENCOURAGED to add features and exploits in their software that their competition can’t or won’t exploit. We live in America not Zimbabwe. I want my software vendors to try and differentiate their software as much as they can so that I, the consumer, will benefit.

So, mn2009, get out of the paranoid world you fill with aliens, JFK assassins and meany commerical entities and let the software vendors do what they do best.

Were now into the Digital age, Digital Watches, Cellphones, GPS, PDA’s, World Wide Network Infrastructures Linking Billions of individual Networks containing 100’s of Workstations and servers.

Theres just one problem, when we had the real chance to fix it in the 90’s when there was less influence we didnt, why? because we figured no one has given us a reason to!…

But, Now theres a bigger problem, with the majority of Software on the Planet being Closed Source, what stops a Commercial Entity, like Microsoft, from Designing a patch that would Specifically Enhance there products but cause underlying problems for other OS’es?

This may be the Digital age but its also the, Age of Deception.
What stops them from phishing then? who says that the patch maker will make the patch in the Peoples best interest not the Cooperation that will most likely make such a patch?

What? I agree with earlier commentators — you do the internet a disservice through your gross negligence in reporting. You do not understand the problem, and you’re clearly not qualified to make a determination of its severity.

Where is the source of this statement coming from? It seems like the author just “made it up”! It is completely false, misleading and, worst of all, could lead a reader to a false sense of security. The author of this article doesn’t seem to understand what DNS is, how DNS servers are used or why understanding this vulnerability is NOT an overreation. No, Mr. Deleon, the worst that could happen is NOT the redirection to a CNN phishing site! The worst that could happen is a total confiscation of your Email server, both inbound and outbound, along with confiscation of your IP meeting software, VOIP snooping and a LOT more! Mr. Deleon seems to think the extent of this problem is a simple little browser redirect. He has NO CLUE of the extent to which companies today use the Internet and DNS.

This lazy, uninformed and uneducated author should at the very least be kept from reporting on techinical topics and more properly fired for incompetence.

This is a very serious flaw that has been around forever but has not yet been exploited on a large scale. With today’s botnets and high speed Internet, it is far more likely to be exploited than it was previously and it is a good idea to seal up this hole before we have a wide-scale malware and identity theft explosion.

The worst-case scenario is NOT that you get redirected from CNN to a phishing site. The worst-case scenario is that you get your mail server redirected and the entire contents of your email snooped without ever knowing it. You get your financial information, banking passwords, forums passwords, and virtually your entire online identity stolen and sold on the black market without even noticing until serious damage has been done. It opens up the doors to man-in-the-middle attacks which are generally difficult to implement but very dangerous.

Whoever wrote this article knows absolutely nothing about security.

Leave it to the LA times to take this “news” and run with it like it was some major event. A small amount of information in the hands of the ignorant is dangerous.