I’ve been meaning to write a short summary about the DNS vulnerability that’s been hot news for the past few weeks. While preparing that I stumbled upon this report about a new attack that is being used. It appears that this is subtly different than the attack that was released earlier:
Moore said he and others were trying to figure out where the exploit originated. “We’re curious. It’s not based on our code, so is there some kind of phishing kit out there that includes it?” he said.
Moore details the attack on his weblog; another interesting tidbit that was new to me was that the OpenDNS project apparently forwards traffic meant for Google to one of their own servers. So contrary to the advice that some people are giving, I’d like to urge people not to switch to OpenDNS, but instead to check the servers they are using and complain to their ISP or network admin when they appear to be vulnerable.