[plug] Hackers get hold of critical web flaw | Australian IT
Mike Holland
michael.holland at gmail.com
Mon Jul 28 09:16:17 WST 2008
Simon Newton wrote:
> Just to be clear here: If you run a recursive resolver you need to patch NOW
What!? You mean like the one in the home or office modem/router?
OK, ... my bind is updated, but doxpara.com still says I'm vulnerable.
Ah - remove forwarders to my ISP . Nows its OK.
So I wasn't really recursive, and I suppose that's how most
modem/routers work?
There is no detail at the linked article, but http://www.doxpara.com/
has an explanation now.
I had no idea that DNS authentication was so weak.
If http/ftp/telnet/etc can be replaced by protocols with proper crypto,
why not DNS?
Which Australian ISPs are still vulnerable?
I can start the list with hutchison ('3').
More information about the plug
mailing list