DNS Exploit in the Wild
Kim Zetter writes on Threat Level:
Well it took a little longer than expected so it's not quite a zero-day exploit, but the anticipated attack code to exploit the critical Kaminsky DNS cache-poisoning flaw is now in the wild (assuming there wasn't one already out there).More here.
Let's call it a .5-day exploit.
HD Moore, creator of the Metasploit Framework research and hacking tool, pinged me that he's just released the code. System administrators who dragged their feet over updating their DNS servers have lost the race . . . so to speak. But that doesn't mean it's too late to patch your system.