| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <d9a86b3f0807230757m6d87b5ebr468ced9a484b694b@mail.gmail.com> Date: Wed, 23 Jul 2008 16:57:53 +0200 From: "mokum von Amsterdam" <smokum@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: The cat is indeed out of the bag On Wed, Jul 23, 2008 at 4:22 PM, Robert McKay <robert@...ay.com> wrote: > > > On Tue, Jul 22, 2008 at 3:36 AM, <monsieur.aglie@...hmail.com> wrote: >> >> from chargen 19/udp by ecopeland >> >> 0. >> >> The cat is out of the bag. Yes, Halvar Flake figured out the flaw >> Dan Kaminsky will announce at Black Hat. >> 1. > > I believe I may have found an important optimisation to this attack. > > Basically I observed that if you make a DNS request with a very long QNAME > then nameservers start dropping GLUE records in order to fit the reply into > the maximum UDP packet size. Are you not supposed to keep DNS issues under your hat and disclose at BH only? Cheers -- Mark Andrews wrote: > ... I like simple tools. This is the list for you then -- there are lots of folk meeting the description here... --- Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists