Last Updated: 2008-07-11 20:40:37 UTC
by Jim Clausing (Version: 1)
No, I don't really want to get into an argument about whether Dan Kaminsky has found anything new. It seems pretty clear that he's found a new, more efficient way to poison DNS caches or Microsoft/Cisco/ISC (not SANS ISC, but then you knew that) wouldn't have reacted in unison as they did, but we've known that the ID field was too small for something like 15 years and some folks like Dan Bernstein have been recommending using random source ports for about 10 years. In light of all of that noise, however, I was amused to read this Computerworld story about a bug in yacc (ah, the fond memories of my days writing compilers) that traces back to 1975 that was just discovered and fixed.