Tuesday, July 08, 2008

At least we were spared with the details of another randomness bug? For now.

So based on the Dark Reading article I'm not sure how scared I should be, but if in doubt I'll go with what Tom P says. He might not know how to keep his Volvo full of gas, but he knows everything else.

(Full disclosure: I was a few minutes away from walking along I-70 yesterday not knowing where the hell the nearest High's was)

But the world didn't end with CA-2001-09 or TA04-111 (the link to the original UNIRAS advisory was gone) so I doubt everything will come crashing down in the coming weeks, but we can only hope.

How many calls for DNSSEC or IPv6 or something tomorrow? And once again, this one of those bugs that its unclear if it is as old as the hills or something revolutionary. And whether it is a design flaw or an implementation bug. And if it is a design flaw in the protocol then why is everyone fixing their implementations? And you if you look at the affected vendors in the CERT advisory. Drum roll.... Doesn't look like the advisory is updated cause Debian already out. No status or FreeBSD or OpenBSD? MIA, again. Will the BSD's be affected?

But I'm glad I'm neck-deep (and nearly drowning) in hell-ish compliance standards for the near term so I don't have to worry about any of these hard questions!

1 comment:

Matt Franz said...

I knew DNSSEC would come up!