Jul 09 2008
Marcus Sachs over at the Internet Storm Center suggests that a vulnerability in the Windows XP DNS resolver found 3 years ago is the same vulnerability Dan Kaminsky found and multiple companies patched yesterday. While it might be related, it’s not the same thing. First of all, Dan’s vulnerability isn’t just in resolvers; it affects any system using DNS, either as a resolver or as a name server. Second, the older vulnerability outlines a man-in-the-middle (MITM) attack, and Dan specifically stated that his vulnerability is a remotely executable attack, meaning there doesn’t need to be a MITM.
As an interesting side note, Thomas Ptacek points out that Dan could have made a lot of money by selling this to TippingPoint or someone else. He didn’t, and he put his reputation on the line to organize the vendors to patch this issue in a coordinated manner. Kudos to Dan and his team for taking the high road. Now we just have to wait until Black Hat to find out the real details of the vulnerability. I bet that’ll be a crowded talk.