OpenID/Debian PRNG/DNS Cache poisoning advisory

Details are here: http://www.links.org/files/openid-advisory.txt

Sun’s official response is here: http://blogs.sun.com/racingsnake/entry/one_factor_trust_multi_factor

Let’s hope links.org can withstand the inevitable slashdotting…

Comments

2 responses to “OpenID/Debian PRNG/DNS Cache poisoning advisory”

  1. I attended a local user group meeting last night* and the speaker [Jeremy C Reed] said that it could take many years to patch Every System Out There.

    In 10wol: he was there to push DNSSEC [RFC 4641 = DNSSEC best practices] as a fix to prevent cache poisoning.

    related reading:

    CERT 800113 : Multiple DNS implementations vulnerable to cache poisoning

    RFC 4033 : DNS Security Introduction and Requirements

    DNSSEC = Domain Name System Security Extensions

    * http://www.dfwuug.org

  2. One of the CAs in the Asia Pacific PMA (not ours!) recently got dropped from the bundle because their CA cert was weak due to the Debian PRNG issue. 🙁
