Thread
:
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
View Single Post
#
9
July 11th 08, 03:05 AM posted to microsoft.public.win98.gen_discussion
MEB[_2_]
External Usenet User
Posts: 1,626
US-CERT TCSA TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning
ADDENDUM
In at ,
MEB contemplated and posted:
| In at ,
| Vince contemplated and posted:
|| On Wed, 9 Jul 2008 11:51:31 -0400, "MEB" meb@not
|| wrote:
||
||III. Solution
||
||Apply a patch from your vendor
||
|| There's nothing like reading multiple articles on something you know
|| absolutely nothing about to make you feel dumber than a box of rocks.
||
|| So . . . no patch will ever be forthcoming from Microsoft for
|| Windows 9x, as it's well beyond its end of life. Is Win9x vulnerable
|| to this problem?
|
| WEEEEELLL, no exactly true, there will be no patch from Microsoft,
| but that certainly doesn't mean 9X is left defenseless.
|
| Might try MSFN and other un-official sites for a patch IF you need
| one, however, the issue affects your ISP more than you initially, and
| the sites you visit e.g., Apache, IIS, Server 2003/2008, Solaris,
| etc., will be receiving the patches. 9X will be vulnerable via the
| DNS activity pending whatever work-arounds/fixes are provided, though
| HOW your DNS is handled will determine the effect and extent of your
| vulnerability. For instance: AOL just issued a work-around/patch,
| whether this is the final fix or not is unknown at this point.
|
| --
| MEB
Of course the above does not mean that unsavory/malicious sites or their
linked ADS and other links, can not be used against ANY system. So, as
usual, you must make a effort to address the issue locally, first by your
activities, and with whatever you think you need.
If you're paranoid or wish more security [which some label paranoia], there
are/were DNS and web server/proxy services/applications for 9X which would
intercept these activities, and your HOSTS, firewall, script/scripting, and
TCP/IP setup can, once again, be used to help negate the issue.
*NOTE:*
This isn't something new to the hacker/cracker world, the reason its now of
deeper concern is the extended use on the Internet and against business and
commercial sites [which of course then affects the Internet user].
By Spacefox,
Secure Sphere Crew - January 23rd, 2002
http://www.securesphere.net/download...s/dnsspoof.htm
http://www.google.com/search?hl=en&q...oogle+Sea rch
--
MEB
http://peoplescounsel.orgfree.com
--
_________
MEB[_2_]
View Public Profile
View message headers
Find all posts by MEB[_2_]
Find all threads started by MEB[_2_]
