DNS vulnerability

Guys and girls, get your nameservers secured ASAP.

The DNS vulnerability everyone was talking about leaked on the internet, and I’m sure someone somewhere is already writing up code to take advantage of it…

Full story here.

Paul Vixie, the CEO of ISC (developers of BIND/named) and developer of cron, who writes every so often on his circleid.com account, made a short FAQ about the vulnerability:

Reactions have been mixed, but overall, negative. As the coordinator of the combined vendor response, I’ve heard plenty of complaints, and I’ve watched as Dan Kaminsky has been called an idiot for how he managed the disclosure. Let me try to respond a little here, without verging into taking any of this personally.

Q: “This is the same attack as <X> described way back in <Y>.”
A: No, it’s not.

Q: “You’re just fear-mongering, we already knew DNS was terribly insecure.”
A: Everything we thought we knew was wrong.

Q: “I think Dan’s new attack is <Z>.”
A: If you guess right, you can control the schedule, is that what you want?

Q: “I think Dan should have just come right out and described the attack.”
A: Do you mind if we patch the important parts of the infrastructure first?

Q: “Why wasn’t I brought into the loop?”
A: Management of trusted communications is hard. No offense was intended.

Full article here.

And you can check your ISP’s nameservers from this page: https://www.dns-oarc.net/oarc/services/dnsentropy

In that test, look at the port randomization result; you need to be above average to be safe. Beware that refreshing the test page will not show *new* results, even if you make changes to your nameservers, so you need to go back to the prior link and click on “Test my DNS” again.
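What a port randomization check looks at, as an added example that is not part of the original post and not DNS-OARC's code: it rates the UDP source ports a resolver used for consecutive outgoing queries by their spread and by whether they follow a constant step. The function name, the cut-off values and the sample port lists are assumptions constructed for the illustration.

```python
import statistics

# Assumed cut-offs for this example only; they are not DNS-OARC's scoring.
POOR_STDDEV = 300     # ports fixed or packed into a small window
GREAT_STDDEV = 4000   # ports spread over much of the 16-bit range

def port_report(ports):
    """Rate the UDP source ports one resolver used, in the order observed."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("value outside the UDP port range")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    stddev = statistics.pstdev(ports)
    # A constant step (0 = one fixed port, 1 = a counter) is guessable
    # however wide the overall range is.
    constant_step = len(set(deltas)) == 1
    if constant_step or stddev < POOR_STDDEV:
        rating = "POOR"
    elif stddev < GREAT_STDDEV:
        rating = "GOOD"
    else:
        rating = "GREAT"
    return {
        "distinct": len(set(ports)),
        "spread": max(ports) - min(ports),
        "stddev": round(stddev, 1),
        "step": deltas[0] if constant_step else None,
        "rating": rating,
    }

# Constructed samples: source ports as they might be logged at an
# authoritative server for ten consecutive queries from each resolver.
SAMPLES = {
    "fixed port": [32768] * 10,
    "counter": list(range(1025, 1035)),
    "small window": [50010, 50200, 50075, 50150, 50020,
                     50180, 50090, 50130, 50045, 50160],
    "medium pool": [10000, 12000, 11000, 13500, 10500,
                    12500, 11500, 13000, 10250, 12750],
    "randomized": [1337, 48211, 20514, 61002, 9876,
                   35790, 55123, 27001, 14444, 42068],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(f"{name:13} {port_report(ports)}")
```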

This is serious folks!

A good deed and a WordPress bug

I did a good deed today.

I woke up this morning, made myself a little coffee, and between sips I was reading Groparu's blog. At that sexy post about soaking the colleague from work, I burst out laughing, and the coffee obviously followed gravity straight onto my T-shirt. Nice job. I couldn't post a comment, so I gave this scoundrel Groparu a kicking for making me spill my coffee and then not letting me comment, and as a result I found out that Groparu's site is broken. He told me this and that, I ran into an old friend who handles Groparu's hosting, Alin or sysalin, and together we fixed the problem.

Let this be a lesson to keep your blog up to date, not only with posts but also with the WordPress version behind it, otherwise you'll end up with the same kind of trouble, and starting today the repair fee for problems like this is half a beer. I have spoken!

Moving on, I was thinking of updating from WordPress 2.5 to 2.6 myself, but I noticed a small bug the guys left in there, with post categories, and I'm wary of getting bitten by it too, so I'll wait a few more days until, besides the time for the upgrade, I also have time to fix it if it breaks. It's not a lot of work, but it's fiddly, and well… I'm pretty lazy too.

If you've updated WordPress and have problems with categories, David Cumps has a fix here.

PS: Note to self: Do not read Groparu's blog during morning coffee!!!