Kaminsky: DNS Flaw details leaked

Technical details of a flaw in the Domain Name System that made headlines earlier this month were accidentally posted to a well-read security blog Monday. Details of the Domain Name System (DNS) flaw uncovered by security researcher Dan Kaminsky have found their way into the public arena.Kaminsky, who is the director of penetration testing for […]

Technical details of a flaw in the Domain Name System that made headlines earlier this month were accidentally posted to a well-read security blog Monday. Details of the Domain Name System (DNS) flaw uncovered by security researcher Dan Kaminsky have found their way into the public arena.

Kaminsky, who is the director of penetration testing for the security firm IOActive, had planned on keeping the specifics of his discovery close to his vest until the Black Hat conference next month in Las Vegas. Now, the details of his findings appear to have leaked out by accident.

On Monday, reverse engineering expert and Zynamics CEO Halvar Flake posted speculation about the bug on a blog. In response, security research and development firm Matasano Security, which was aware of the true details of the flaw, posted confirmation of Flake's speculation on the Matasano company blog. The Matasano post has since been taken down, but remains alive courtesy of a Google search.

But not before others had grabbed the information and reposted it elsewhere, leading Kaminsky to post an urgent 0-day message on his blog reading, “Patch. Today. Now. Yes, stay late.”

More infoWired | eWeek