Civile.it
Civile.it
Per quei due che ancora credono possibile programmare software senza bachi, ecco l'annuncio di un baco nella gestione dei dns.
Tutti al link indicato per verificare se il software usato dall'isp e' sicuro o meno.
Ci sono ancora 30 giorni per aggiornarsi, lo facciano in fretta !
Se pero' al link indicato trovate di essere vulnerabili, suggeriamo di usare opendns subito, ricordando pero' di fare attenzione alle critiche ad open dns, soprattutto se usate internet anche per i pagamenti.
Da opendns:
"Pointing your DNS servers to forward requests to OpenDNS and firewalling all other DNS traffic off at your server will help mitigate this risk."
Al link indicato:
"So there’s a bug in DNS, the name-to-address mapping system at the core of most Internet services. DNS goes bad, every website goes bad, and every email goes…somewhere. Not where it was supposed to. You may have heard about this — the Wall Street Journal, the BBC, and some particularly important people are reporting on what’s been going on. Specifically:
"1) It’s a bug in many platforms
"2) It’s the exact same bug in many platforms (design bugs, they are a pain)
"3) After an enormous and secret effort, we’ve got fixes for all major platforms, all out on the same day.
"4) This has not happened before. Everything is genuinely under control.
"I’m pretty proud of what we accomplished here. We got Windows. We got Cisco IOS. We got Nominum. We got BIND 9, and when we couldn’t get BIND 8, we got Yahoo, the biggest BIND 8 deployment we knew of, to publicly commit to abandoning it entirely.
"It was a good day.
"CERT has details up, and there’s a full-on interview between myself and Rich Mogull up on Securosis. For the non-geeks in the audience, you might want to tune out here, but this is my personal blog and I do have some stuff to mention to the crew."
