[olug] DNS exploit VU#800113 - should we be alarmed?

Will Langford unfies at gmail.com
Tue Jul 15 20:41:51 UTC 2008


Sorry, and to answer the 'should we be alarmed' question...

I believe it a serious concern, yes.  Being able to guess ports and
serial id's and such are very much a problem.  Alot of devices or
software use a DNS resolution for software updates... whether
application or OS level... and I'd believe alot of non-authorative dns
setups would be in a caching manner, etc... although I have no
authority to speak on such matters.  Just imagine if windows update
was compromised.

-Will



More information about the OLUG mailing list