A couple of weeks ago I read about a vulnerability in the DNS protocol that could potentially affect every DNS server in the planet. Note that this is not a problem in the implementation of the protocol, but in its design.
Today I read in Ars Technica that a security company called “Matasano Security” had published “accidentally” in their blog, some information that led to revealing the vulnerability, until that point kept a secret. Now there’s a new DNS exploit causing havoc all over the net.
I’m not into conspiracy theories, but this does sound like one to me. First of all, because it just seems like this could only be beneficial to the same security companies keeping the vulnerability a secret while issuing a fix for it.
Second, “Matasano”. In spanish, a matasano is a doctor who basically will end up killing you when you don’t even need treatment: mata = kill, sano = healthy.
It could just be ideas, but it does seem very suspicious how a vulnerability like this could “accidentally” be revealed.