The inherent flaw in DNS was expected to get entangled in politics. The complexity of the matter is due to the weight of name resolution being an essential piece of the internet. DNSSEC is an immediate step that certainly doesn't mitigate the flaw entirely. However, it is a control that puts malicious attempts at a worse exploit ratio. As for Kaminsky? No invested interest here, but have you read how he disclosed his discovery and why did wait to surface back to the press? Doesn't sound like PR to me...

-Y

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/911/2829#2829