The article doesn't really say what the issue is/was (which I suppose is good). I'm also unclear as to just how this "patch" is applied. The quote above seems to suggest that it might be at the level of the individual computer. If so, is it OS dependent? If Microsoft and Cisco are the main players in this game, what about Mac and Linux/UNIX? Or am I being dense?

Stuff the Internet !

Bring back CIX on a 1200/75 baud modem !

(err, probably showing my age a bit here ! )

Not as much as your name/av's reference to a 34 year old movie.

Al-Quida hackers are everywhere.... LOL!

Security fascists here at home pose a much greater threat to my liberty.

http://arstechnica.com/articles/culture/fisa-compromise.ars
http://www.washingtontimes.com/webl...8/Jul/01/want-some-torture-with-your-peanuts/

'Insufficient randomness' is the currently quoted reason for the patch.

The patch is for DNS servers rather than clients, and each vendor has to do their own fix.

Details of the actual fault are being withheld for 30 days to allow most places to fix the problem so we don't get people trying to break things while the patching is going on.

Harry.

Give me the information and I'll decide how serious the problem is. Otherwise nothing is going to get patched. You can't just disrupt business because "Paul Vixie says so". That's not going to fly anywhere.

Actually - it is flying a lot. A large number of ISPs in the UK are patching their systems to my knowledge.

Mind you - there is sufficient known about the problem and the patch to convince most system admins. What isn't known is the supposed 'shortcut' that this guy has found. However - the current fix is the same however he has done it - increase randomness.

Harry.

I'm convinced this flaw is behind, or partially behind, the recent hijackings of IANA and ICANN that have crept under the radar of the mainstream press. Usually I couldn't give a monkeys about this sort of thing, but this time I'm taking it seriously - its not so much the implications for our own infrastructure that worry me, more the potential for someone to start using our sites as a launchpad for XSS attacks. I don't want to start getting phonecalls from irate people telling me our DNS infrastructure was used to con them out of their banking passwords!

I think I posted before that something like this vulnerability has certainly been postulated before, and may well already be out there in the wild but limited to 'real' hackers rather than script kiddies. I've heard it discussed in government security circles in the past, but never had any concrete information on it.

Ordinarily I'd agree with Crit - there's so much scaremongering done by security companies that you just start to get immune to all the bull**** that flies around - only this time I'm taking notice.

http://it.slashdot.org/article.pl?no_d2=1&sid=08/07/18/1210257

""Red Hat's response to update bind through RHN, patching the DNS hole, made a fatal error which will revert all name servers to caching only servers. This meant that anyone running their own DNS service promptly lost all of their DNS records for which they were acting as primary or secondary name servers. Expect quite a few services provided by servers running RHEL to, errr, die until their system administrators can restore their named.conf."

... and sometimes the cure is worse than the disease.

Some of the comments to that posting suggest that the OP has made some silly errors, and the fault might not be RedHat's.

Harry.

It would be nice to hear how this hole can be patched, just too much screaming with no one coming out with a solid solution

IMVHO, it should have been treated as a bug and corrected as part of the normal build/test/release cycle. This hole had never been exploited and wasn't costing anybody anything. It certainly didn't warrant screaming "hackers are going to take over the internet".