DNS Drama Exposed (Dramatically)

[+] dangrover|17 years ago|reply

The article is a lot more fun if you read it to yourself in the movie trailer guy voice.

"In a WORLD where ONE MAN holds the KEY to the entire INTERNET!"

[+] joe_adk|17 years ago|reply

Don LaFontaine, recently deceased.

http://en.wikipedia.org/wiki/Don_LaFontaine

[+] chris11|17 years ago|reply

I realize this wired, but did they really have to dramatize it so much?. I mean, come on, talking about the possibility of routing the entire .com domain through his laptop? It sounded like something that Robert Ludlum would write.

[+] tlrobinson|17 years ago|reply

They also portray Kaminsky as a pathetic nobody working out of his lonely apartment, when in reality he was already well respected before the DNS flaw discovery.

[+] tsally|17 years ago|reply

> It sounded like something that Robert Ludlum would write.

Or John Markoff?

[+] technoguyrob|17 years ago|reply

Indeed. The title should have appended: "...dramatically."

[+] nickb|17 years ago|reply

If the information in an email were accidentally copied onto a hard drive, that hard drive would have to be completely erased, Vixie said.

Ridiculous. I doubt Vixie said that.

[+] jbyers|17 years ago|reply

I heartily recommend the author's previous work in Wired, "High Tech Cowboys of the Deep Sea." A bit lower on the drama dial, still quite interesting:

http://www.wired.com/science/discoveries/magazine/16-03/ff_s...

[+] thenextweb|17 years ago|reply

Lower on the drama? People get killed in that story, with the reporter present! I remember that story very well. Made an impression on me. more exciting than DNS flaws...

[+] st3fan|17 years ago|reply

I think this is a terrible article. Paul Vixie has done nothing to fix this situation. He certainly does not deserve the fame of the article.

Other DNS servers like DJB-DNS and PowerDNS have implemented proper port randomization as part of their design a LONG time ago. As a result of that those servers are completely unaffected by this DNS exploit.

Vixie and his Bind crew ignored the whole thing for a long time until it blew up in their face. Now it it just an excuse to roll out the monster that is called DNSSEC of course. Great marketing.

[+] tlrobinson|17 years ago|reply

Well, I'm no expert but it sounds like source port randomization is a bandaid, while DNSSEC is the better lasting solution.

[+] bprater|17 years ago|reply

Does anyone have a link detailing the exploit? I'm not a DNS expert, so something easily consumable would be great.

[+] epe|17 years ago|reply

As a fellow DNS non-expert, I found http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.htm... to be pretty clear.

[+] tlrobinson|17 years ago|reply

Just ask tptacek, I hear he likes to talk about it ;)

(Thomas Ptacek in the article == tptacek on Hacker News)

[+] unknown|17 years ago|reply

[deleted]

[+] sireat|17 years ago|reply

The author would probably make a pretty good screenwriter for Sneakers2. I guess the dictionary word of the day is bombastic...

[+] andr|17 years ago|reply

Technical summary, please?

[+] tlrobinson|17 years ago|reply

There's not much technical in this article, just an overly dramatized account of the history of this vulnerability.

Not exactly a "summary", but... http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.htm...

25 comments