How Secrecy Works- Patch the Whole Internet
Update! This entire article is cross-posted over at GeeksAreSexy.
US-CERT is finally doing the job it was envisioned to do back in 2004 when it was absorbed into the Department of Homeland Security. It is coordinating the efforts of Industry Leaders and maintaining top secrecy to do so to keep the internet secure. Yesterday an unprecedented effort came to a conclusion and patches for DNS Internet Infrastructure were released simultaneously by the biggest companies on the Internet. Cisco, Microsoft and Sun Microsystems each released patches that address a fundamental flaw in DNS, and they did so after secretly collaborating with each other and the Federal Government.
The flaw in DNS could have allowed an attacker to impersonate any server on the Internet by poisoning your DNS cache. And it was easy to do. Luckily the bad guys hadn’t stumbled across the vulnerability. And perhaps more amazing than the world’s largest internet companies collaborating with the government under a cone of silence? The vulnerability researcher, Dan Kaminsky, could have sold the vulnerability to the bad guys for hundreds of thousands of dollars, but being one of the good guys, he turned the information over to the US-CERT team for free.
To read the rest, you gotta go to [GAS]!
Awesome.