A couple of weeks ago I read about a vulnerability in the DNS protocol that could potentially affect every DNS server on the planet. Note that this is not a problem in the implementation of the protocol, but in its design.

Today I read in Ars Technica that a security company called “Matasano Security” had “accidentally” published on their blog some information that led to the vulnerability being revealed, which until that point had been kept secret. Now there’s a new DNS exploit causing havoc all over the net.

I’m not into conspiracy theories, but this does sound like one to me. First of all, because it just seems like this could only be beneficial to the same security companies keeping the vulnerability a secret while issuing a fix for it.

Second, “Matasano”. In Spanish, a matasano is a doctor who basically will end up killing you when you don’t even need treatment: mata = kill, sano = healthy.

It could just be ideas, but it does seem very suspicious how a vulnerability like this could “accidentally” be revealed.

  1. Jane

    You’re missing half the situation.

    Matasano (known for some of the most respected security researchers out there) was not the first to publish details – it was Halvar Flake who thought Kaminsky holding off on telling details was doing no favors if someone like him (Flake) with not much knowledge of DNS could figure out what it was, so Flake posted what he thought was the vulnerability on his blog – pure guessing.

    Someone at Matasano then figured that what Flake posted was close enough to the truth (since they were one of the researchers who were in communication with Kaminsky) and posted that long analysis…then subsequently pulled it and apologised.

    The only reason why Kaminsky kept this secret (well, if you ignore that he was going to do a presentation on this at BH in August) is so people could patch this fast enough… well, that didn’t happen in a lot of cases even with almost two weeks from Kaminsky’s announcement and multivendor patch to the Matasano post (and personally I doubt people would have patched it that fast anyway).

    It’s far from suspicious.

