Valuable Lesson Emerges From DNS Flaw Handling
Dennis Fisher writes on Search Security:
Let us now praise the efforts of noble men. Dan Kaminsky, Paul Vixie, CERT and nameless dozens of engineers and admins at ISPs and backbone providers around the world did a tremendous job pulling together a massive, coordinated response to the DNS vulnerability Kaminsky found recently. The kind of big, distributed effort that was required to mitigate this threat is a rare thing indeed.More here.
The right people were notified quietly, the problem was explained, a fix was devised and the patch was applied in all the critical spots in an astonishingly short amount of time. And while Kaminsky took heat for overhyping the severity of the problem in the hopes of pumping up the attendance at his Black Hat talk, other researchers who had been briefed on the problem came forward and said, Look, this is a serious problem. Go patch. Right now. It looked like everything had worked smoothly and the furor was starting to die down as the community waited for Kaminsky to release the gory details next month.
And then in the space of a few hours on Monday, all hell broke loose.